National Guard Addresses Aftermath of Cyberattack in Minnesota

📟 News

Date: 01/08/2025

Minnesota Governor Tim Walz has enlisted the National Guard to address the aftermath of a cyberattack that struck the state capital, the city of Saint Paul, last week.

It is reported that city authorities are currently working with state and federal officials to investigate the attack and restore system functionality. However, online payments may still be unavailable in the city, and some services in libraries and recreational centers are temporarily not working.

The attack continued throughout the past weekend, causing numerous disruptions across the city and affecting digital services and critical systems in St. Paul. It is worth noting that the population of Minnesota’s capital exceeds 311,000 people, making it the second-largest city in the state after Minneapolis.

“While many city services remain operational, some may be temporarily unavailable or paused due to limited system access. We appreciate your patience and understanding as we work to fully restore system operations,” reads the statement from city authorities.

Authorities emphasize that since the attack was detected, the Saint Paul authorities have been working around the clock, coordinating their efforts with the Minnesota state IT service and an external cybersecurity contractor.

“Unfortunately, the scale and complexity of this incident have exceeded both internal and commercial response capabilities,” authorities acknowledged this week and declared a state of emergency. “As a result, St. Paul was compelled to seek cybersecurity support from the Minnesota National Guard to mitigate the impact of this incident and ensure the uninterrupted operation of essential municipal services.”

No details about the attack itself have been disclosed yet. According to St. Paul Mayor Melvin Carter, the attack was discovered on July 25 and was described as a “deliberate and coordinated digital attack carried out by a sophisticated external threat actor intentionally and criminally targeting the city’s information infrastructure.”

Based on the system shutdown, it can be assumed that St. Paul has suffered from a ransomware attack. However, city authorities refrain from disclosing details about the nature of the incident and whether any ransom demands have been made.

Related posts:
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer

Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…

Full article →
2025.03.12 — Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies

GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024. CVE-2024-457…

Full article →
2025.01.27 — YouTube plays hour-long ads to users with ad blockers

Users complain that YouTube plays very long unskippable ads. Sometimes such ads are longer than the video the person is watching. The issue was raised…

Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters

According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…

Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024

According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…

Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks

Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…

Full article →
2025.02.28 — Qualcomm extends support for Android devices to 8 years

Qualcomm Technologies announced its collaboration with Google with the purpose to provide extended support for OEM devices running on company's flagship chipsets. This partnership will…

Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update

Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…

Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage

According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…

Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder

According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…

Full article →