Russian hackers accessed an unclassified Pentagon network earlier this year, Defense Secretary Ashton Carter said Thursday, the latest high-profile penetration of U.S. government networks that has been blamed on Russian hackers.
Speaking at Stanford University in Palo Alto, California, Carter said the breach, which was only recently declassified and was never publically reported, was quickly detected by Defense Department sensors. It was unclear when the penetration occurred or if the hackers were working on behalf of the Russian government. Attempts by CNN to glean additional details were not immediately successful.
“(The hackers) discovered an old vulnerability in one of our legacy networks that hadn’t been patched,” Carter said. “While it’s worrisome they achieved some unauthorized access to our unclassified network, we quickly identified the compromise, and had a crack team of incident responders hunting the intruders within 24 hours.”
Carter added: “After learning valuable information about their tactics, we analyzed their network activity, associated it with Russia, and then quickly kicked them off the network in a way that minimized their chances of returning.”
The disclosure comes just a few months after Director of National Intelligence James Clapper told the Senate Armed Services Committee that “the Russian cyberthreat is more severe than we had previously assessed.”
And it’s the latest breach of U.S. government networks attributed to Russian hackers.
Earlier this month, U.S. officials said Russian hackers were behind a series of damaging intrusions that penetrated sensitive parts of the White House computer system. Although they were only able to access unclassified systems, the hackers had access to sensitive information like the President’s daily schedule, officials briefed on the investigation said.
Those hackers were able to get into the White House system based on what they had learned through earlier hacks into State Department networks.
Carter’s remarks Thursday were made during an address outlining a new Defense Department strategy on cyberdefense that relies on greater partnership with private vendors. The Defense chief said the Pentagon faces increasingly sophisticated and malicious online threats from both state and non-state realms.
“Our reliance on technology has led to real vulnerabilities that our adversaries are eager to exploit,” Carter said.
And in the wake of North Korea’s alleged attack on Sony last year, as well as the increased threat from Russia, Carter said bulking up U.S. cyberdefenses will be a top priority going forward.
“I worry about what we don’t know,” Carter said. “Because this was only one attack.”
Carter’s appearance in Silicon Valley is part of a Pentagon effort to reassure tech companies that, nearly two years after Edward Snowden’s revelations about government snooping became public, Defense Department cyber action is both lawful and appropriate, while also trying to attract cyber experts to work for the government.
Carter was planning to travel Thursday to Facebook headquarters in nearby Menlo Park to discuss that aspect with Sheryl Sandberg, the company’s chief operating officer, and other employees of the company.
CNN’s Evan Perez and Shimon Prokupecz contributed to this report.