Cyber Incident Victim: New York City Government
Date: Feb 2015
Location: United States of America
Summary
A cyberattack targeting New York City government systems involved a denial-of-service attack spread via malware-infected email attachments, potentially originating near Russia with the intent to scam employees. The attack disrupted inbound and outbound email processing across all city agencies, though internal communications remained unaffected, and specifically targeted the Parking Violations Bureau as an entry point. Over 100 Long Island Rail Road employees received malicious emails sent from the city's Department of Finance; the messages were intercepted by the railroad's security systems because they carried suspicious attachments capable of compromising computers. While city officials characterized the incident as low-severity service interference without data theft, law enforcement agencies including the FBI and NYPD were investigating ongoing malicious activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In February 2015, New York City government agencies experienced a cyberattack disrupting email services across all agencies. Law enforcement sources indicated the denial-of-service attack likely originated near Russia and involved malware distributed through malicious email attachments designed to damage systems or steal information. The attack employed a "swarm" method with simultaneous intrusion attempts, specifically targeting the Parking Violations Bureau under the Department of Finance as an entry point. While city officials acknowledged the attack was universal in scope, they characterized it as low-severity, emphasizing that only inbound and outbound email processing was impaired—internal agency communications remained functional. A Department of Information Technology and Telecommunications spokesperson stated the attack aimed to degrade email performance rather than compromise sensitive data. Initial reports suggested the incident subsided within days, though a City Hall source contradicted this by noting ongoing malicious activity persisting into the following week.

The attack’s secondary impact emerged at the Long Island Rail Road (LIRR), where over 100 employees received malware-infected emails from the Department of Finance on February 17. LIRR security systems identified and quarantined the messages, which contained multiple suspicious zip file attachments capable of installing programs to hijack computers and extract data. An unnamed LIRR source credited their robust malware prevention systems with mitigating potential damage, noting the railroad’s status as a major regional transport operator necessitated such defenses. Despite the city’s public minimization of the incident, the LIRR case revealed a more serious dimension involving potential data exfiltration attempts. Multiple agencies including the FBI, NYPD, and Multi-State Information Sharing and Analysis Center launched investigations into the attack’s origins and methods, while city officials declined further comment regarding the discrepancies between their initial assessment and the LIRR evidence.
