Cyber Incident Victim: Allegheny County District Attorney's Office
Date:
Jun 2024
Location:
United States of America
Summary
A cyberattack targeted the Allegheny County District Attorney’s Office, disrupting prosecutors' communications and computer systems, including desk phones, email access, and automated filing capabilities. The office was alerted to the intrusion by federal agencies and proactively shut down its servers to contain the threat and prevent potential spread to other entities. While the attack type remains under investigation, operational continuity measures include staff working remotely, manual paper filings, and temporary public phone lines. Critical functions such as homicide trials continue despite network limitations, with technicians and external partners working to restore services and secure data. The county confirmed its broader IT systems were unaffected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 6 motives | 8 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyberattack targeting the Allegheny County District Attorney’s Office began disrupting operations after officials received alerts from the Department of Homeland Security and FBI on the evening of Thursday, June 27, 2024. The notifications warned of attempts to access the office’s network and target its computer servers, prompting immediate containment measures. First Assistant District Attorney Rebecca Spangler confirmed the office shut down its servers upon detection to prevent potential data breaches and avoid spreading malicious code to external agencies through email communications. This proactive isolation limited the attackers’ access to confidential information, though the specific nature of the intrusion—whether malware, ransomware, or another threat—remained undetermined as of Tuesday, July 2. The office’s independent IT system and technicians worked with unspecified partners to investigate the incident while safeguarding data integrity. Network shutdowns caused significant operational disruptions: staff lost desk phone functionality, faced restricted email access, and could not use automated filing systems critical for court workflows.
The Allegheny County Court of Common Pleas implemented protective restrictions by blocking emails, Microsoft Teams calls, and invitations originating from the DA’s office starting Saturday, June 29, to avoid collateral compromise. Despite these challenges, the office maintained core functions through improvised solutions, including paper-based filings and remote work for some staff. Three homicide trials proceeded during the outage, though general workflow delays persisted. Public communication channels were rerouted through two temporary phone lines and a designated email address ([email protected]). County spokeswoman Abigail Gardner clarified that the broader county IT infrastructure remained unaffected, isolating the incident to the DA’s office. Historical context revealed prior cybersecurity incidents affecting the office, including a 2015 ransomware attack resolved with a $1,400 Bitcoin payment, and recent attacks on Washington County and Pennsylvania’s court systems earlier in 2024. No ransomware demands or data theft claims had been publicly disclosed as of July 2, and federal agencies declined to confirm investigative details. The office continued restoration efforts with no estimated resolution timeline while emphasizing uninterrupted judicial operations.