Cyberthreat to Alabama state government ‘neutralized’

Avatar

The government of Alabama says it has wrapped up the response to a cyberattack on state systems that was first identified about 10 days ago, and it won’t be offering further details about the nature of the incident.

“Following a thorough investigation and coordinated response, OIT can confirm that the threat has been neutralized and Alabama’s core operations are safe and stable,” the state Office of Information Technology (OIT) said in an update Tuesday.

OIT said it worked with unspecified “cybersecurity experts” to respond to the attack, which was first discovered on May 9. 

A May 16 post said there was “no evidence of exfiltration of the personally identifiable information of Alabama citizens,” and there had been no major disruptions in services.

“The public will undoubtedly be curious to know the identity of the bad actor(s) behind this event,” Tuesday’s update said. “Unfortunately, OIT is unable to attribute this attack to any specific individual or organization as our efforts have been solely focused on responding to and mitigating the threat.”

Previous communications had said the intruders had gained access to usernames and passwords of some state employees’ accounts. OIT asked agencies to reset passwords as a precaution.

“Any possible criminal investigations related to this event will be handled by the appropriate state and federal law enforcement agencies, and OIT will gladly offer its support to those investigations if requested,” OIT said Tuesday.

Typical cyberthreats to state and local governments include ransomware and financial scams. A recent example is a data breach in Rhode Island’s state benefits system. Officials there released a timeline of the incident last week.

Oregon’s environmental agency said in late April that it was working on a report about a cyberattack earlier in the month. Officials had not engaged in any negotiations with the attackers, the agency said.

CybercrimeGovernmentNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. He previously he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 

Total
0
Shares
Previous Post

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

Next Post

Ohio’s Kettering Health system facing widespread outages after cyberattack

Related Posts

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019,
Avatar
Read More

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that
Avatar
Read More