National Guard Addresses Aftermath of Cyberattack in Minnesota

📟 News

Date: 01/08/2025

Minnesota Governor Tim Walz has enlisted the National Guard to address the aftermath of a cyberattack that struck the state capital, the city of Saint Paul, last week.

It is reported that city authorities are currently working with state and federal officials to investigate the attack and restore system functionality. However, online payments may still be unavailable in the city, and some services in libraries and recreational centers are temporarily not working.

The attack continued throughout the past weekend, causing numerous disruptions across the city and affecting digital services and critical systems in St. Paul. It is worth noting that the population of Minnesota’s capital exceeds 311,000 people, making it the second-largest city in the state after Minneapolis.

“While many city services remain operational, some may be temporarily unavailable or paused due to limited system access. We appreciate your patience and understanding as we work to fully restore system operations,” reads the statement from city authorities.

Authorities emphasize that since the attack was detected, the Saint Paul authorities have been working around the clock, coordinating their efforts with the Minnesota state IT service and an external cybersecurity contractor.

“Unfortunately, the scale and complexity of this incident have exceeded both internal and commercial response capabilities,” authorities acknowledged this week and declared a state of emergency. “As a result, St. Paul was compelled to seek cybersecurity support from the Minnesota National Guard to mitigate the impact of this incident and ensure the uninterrupted operation of essential municipal services.”

No details about the attack itself have been disclosed yet. According to St. Paul Mayor Melvin Carter, the attack was discovered on July 25 and was described as a “deliberate and coordinated digital attack carried out by a sophisticated external threat actor intentionally and criminally targeting the city’s information infrastructure.”

Based on the system shutdown, it can be assumed that St. Paul has suffered from a ransomware attack. However, city authorities refrain from disclosing details about the nature of the incident and whether any ransom demands have been made.

Related posts:
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework

According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…

Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks

OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…

Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims

According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…

Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks

Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…

Full article →
2025.01.29 — Google to disable Sync in older Chrome versions

Google announced that in early 2025, Chrome Sync will be disabled in Chrome versions older than four years. Chrome Sync enables users to save and sync their…

Full article →
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello

Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…

Full article →
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'

A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…

Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store

According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…

Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…

Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign

According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…

Full article →