Washington being targeted by phishing campaign, state officials say

Washington state is among those being targeted by a “large-scale, highly sophisticated” nationwide phishing campaign, the office of Gov. Jay Inslee said Thursday.

At a press conference Thursday, Inslee said that the state is taking proactive measures to protect state systems, but he said that no ransomware activity has occurred among the agencies targeted, and no state services have been impacted.

“We’re using every resource at our disposal to prevent these criminals — and that’s what they are — from potentially putting us in that position,” Inslee said.

Inslee and other officials wouldn’t provide specifics about the phishing activity, citing security reasons, but said a recent uptick in efforts had caused concern.

“We’ve seen a ramp up in activity over the past week, which is why we are taking the proactive measures we’re taking to make sure that we’re doing the due diligence that we need to do to protect the state and the state assets and resources,” said James Weaver, the state chief information officer. Weaver said that no personal information was obtained in any of the recent phishing efforts.

Weaver said that private and public entities across the country have been subjected to phishing attacks, and that the state is working with the Department of Homeland Security and other federal partners to combat the attacks. Inslee announced that he was activating the state’s emergency operations center and the National Guard’s cybersecurity team.

“We take this very seriously and it’s been all hands on deck,” Inslee said.

Weaver and Vinod Brahmapuram, the state chief information security officer, said that they haven’t seen any indicators that there were attempts to exploit the state’s election infrastructure but said they would continue to work with Secretary of State Kim Wyman.

“We will continue to work very collaboratively as we look at what we’re seeing as well as the activities that they may be seeing to make sure we are doing a coordinated and comprehensive response,” Weaver said.

An email from Inslee’s office said that an indicator in the current phishing campaign is that the sender’s email address doesn’t match the person supposedly sending the email.

Brahmapuram said that these phishing efforts are prevalent across the globe, and “that’s why it’s important for all of us to be so vigilant.”

“We cannot let our guards down, we have to always pay attention to what is coming through, what we click, what we do,” he said.