The State Department on Thursday warned employees about a tidal wave of malicious messages attempting to trick staffers into opening a door for hackers.

“Personnel are advised to be alert for suspicious activity related to ongoing cyber operations targeting the Department,” the agency’s Cyber and Technology Security Directorate said in an email sent early Thursday morning to all workers.


Last month, more than 2,000 employees received emails, texts and social media messages designed to fool them into either downloading malware or handing over their login information, according to the email, which multiple sources provided to POLITICO.

The warning encouraged employees to report the malicious messages to help cyber experts “understand the broadened scope of cyber targeting against the Department.”

Hackers have used subject lines that mention a political science conference and a technology conference to entice victims into clicking links or downloading infected attachments, according to the State Department message. Other subject lines reference stock market secrets.

Morning Tech Technology news from Washington and Silicon Valley — weekday mornings, in your inbox. Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. {{#success}} {{heading}} {{message}} {{heading}} {{message}} More Subscriptions {{message}}

A department employee said that he recalled seeing one of these "spearphishing" emails with one of the subject lines.


The State Department has been a top target for foreign government hackers over the years.

For instance, it took months to kick out suspected Russian hackers during a November 2014 intrusion.

Hackers from the NSA, which protects U.S. systems in addition to attacking adversaries’ computers, engaged in “hand-to-hand” combat with the foreign intruders during the incident, according to former NSA Deputy Director Rick Ledgett, who described the digital battle as “a new level of interaction between a cyber attacker and a defender.”

Several media outlets reported that the hackers were linked to Moscow.


At the time, the agency said it had “detected activity of concern” and shut down its unclassified email system for security upgrades, though it said no classified information was compromised.

One State employee told POLITICO on Thursday that he was having issues accessing the agency’s unclassified email system from the office but said that it worked when accessed from home.

The State Department declined to confirm the spearphishing warning, but a spokesperson said "employees are often alerted through cyber security training and notifications to be mindful of suspicious activity that could target the Department."

The spokesperson also said that employees reported "no systemic issues" with the email system on Thursday.

Nahal Toosi contributed to this report.

