Cyber Incident Victim: St. Louis County government website

Date: Sep 2020

Location: United States of America

Summary

Hackers attempted to deploy Trojan viruses by exploiting a vulnerability in the St. Louis County government website's management system, mimicking legitimate traffic to bypass multiple defenses. The IT team proactively took the server offline to address the security flaw but determined the remaining single layer of defense was insufficient to prevent future compromise. They opted against reactivating the vulnerable system and instead accelerated the deployment of a new website already under development. No data loss, theft, corruption, or ransom demands occurred, as the attackers never gained control. The incident was not publicly disclosed until nearly two weeks after the attack.

Description

On September 1, 2020, St. Louis County’s IT staff detected active attacks targeting the county government website’s server, prompting an immediate shutdown of the site. Attackers exploited a vulnerability in the website’s management system, deploying methods that mimicked legitimate traffic to bypass multiple layers of the county’s defenses. The intrusion attempts aimed to install Trojan viruses—malicious software disguised as legitimate programs—which would have granted hackers control over the system. Acting IT Director Charles Henderson confirmed the attacks sought to compromise the server but were blocked before achieving persistence. County defenses had been reduced to a single protective layer during the incident, creating a critical risk that any successful Trojan installation would result in full server compromise. IT personnel took the web server offline for maintenance intending to patch the vulnerability and restore service. After analyzing the attack vectors and remaining defensive capabilities, however, officials determined they could not reliably prevent further breaches if the original system remained operational. This assessment led to the recommendation against reactivating the vulnerable platform.

The county accelerated deployment of a replacement website already under development, implementing it rapidly to restore public access despite the new site’s original launch timeline being months away. Henderson emphasized no data was lost, stolen, corrupted, or otherwise compromised during the attack, and no ransom demands occurred—likely because attackers never gained sufficient control. Public disclosure of the incident as a cyberattack was delayed until nearly two weeks post-event, when media reports prompted official confirmation. The response included permanent retirement of the compromised web server architecture due to its untenable security posture after the breach attempts. Henderson, recently appointed as IT director by County Executive Sam Page, addressed the incident amid his pending confirmation hearing before the St. Louis County Council scheduled for September 15, 2020. The accelerated migration to the new website platform constituted the primary remediation measure, eliminating reliance on the compromised system.
