ALERT – NJ State workers targeted in cyber attack
💻 Cyber attack targeted NJ government employees
💻 Bad actors attempted to get workers credentials
💻 What were they really after?
Bogus emails were sent to state employees earlier this month impersonating the New Jersey Office of the Attorney General.
Officials with the New Jersey Cybersecurity and Communications Integration Cell (NJCIC), part of the New Jersey's Department of Homeland Security, issued an alert this week warning workers not to open the emails of click on any links.
The subject line of the email included an "Email Security Notification" and a link to a spoofed website that used actual images from the legitimate NJ Attorney General's webpage.
Recipients were asked to confirm their email accounts and asked for the account password.
New Jersey State employees may have received emails impersonating the NJ Office of the Attorney General (OAG). While the communications may appear to be sent from the email address associated with NJOAG, it originated from a different source. While these messages have been blocked, we are making you aware out of an abundance of caution and ask that you be alert to phishing emails and spoofing techniques - Notice on NJOAG website
The emails tried to create a sense of urgency, by prompting recipients to take action to avoid being locked out of their email or computer systems.
NJCIC says existing cybersecurity protocols and software managed to block most, if not all, of these spoofing attempts.
Homeland Security officials did not specify which state employees were targeted and what part of government they worked for. It is also not clear what information they were ultimately after.
The investigation is ongoing. NJCIC did not identify any suspects or name an arrests.