The Federal Reserve Bank of St. Louis confirmed that hackers hijacked its domain nameservers in April, and warned of a potential data breach as well as exposure to malware.

In a statement, the St. Louis Fed informed those who use the bank's public economic data and analysis tools that it discovered the breach in late April. That's when attackers succeeded in hijacking the domain name servers for the institution.

The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid to hijack online communications of banks and other entities dealing with the regional Fed office.

The NCUA website was targeted by hackers in March, who also set up a fake site that used design elements from the NCUA's site. The government's Internet Crime Complaint Center issued a warning about the practice in early April.

“As is common with these kinds of D.N.S. attacks, users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords,” the agency said in a statement.

In the original notice first reported by Krebs on Security, the St. Louis Fed said it was made aware that on April 24, 2015, computer hackers manipulated routing settings at a domain name service (DNS) vendor used by the St. Louis Fed to automatically redirect some of the Bank's web traffic that day to rogue web pages created to simulate the look of the St. Louis Fed's research.stlouisfed.org website. This included web pages for FRED, FRASER, GeoFRED and ALFRED.

According to the Federal Reserve, GeoFRED allows authorized users to create, customize, and share geographical maps of data found in FRED. ALFRED, short for ArchivaL Federal Reserve Economic Data, allows users to retrieve vintage versions of economic data that were available on specific dates in history.

The St. Louis Fed's own website was not compromised.

The St. Louis Federal Reserve is one of 12 regional Fed organizations, and serves banks located in all of Arkansas and portions of six other states: Illinois, Indiana, Kentucky, Mississippi, Missouri and Tennessee. According to the reserve's website, it also serves most of eastern Missouri and southern Illinois.

Motivation for the attack is unknown but some speculate political activism against U.S. monetary policy.

“Attacks against the Federal Reserve banking system and its users won't be taken lightly by the Secret Service. You can expect a deep and thorough investigation,” Dave Jevans, CTO of Menlo Park, Calif.-based Marble Security mobile threat intelligence and defense, and chairman of the Anti-Phishing Working Group (APWG), said. “[It is a] great way to phish the passwords and email addresses of bankers and currency traders. Since people reuse passwords this is a ready font of juicy data to attack all users of the Fed's data.”

“These are indeed fairly common occurrences. For one, hijacking DNS is a 'good' way of reaching a sizable pool of victims to steal credentials from, to infect, or both,” Erik de Jong, a security researcher at Netherlands-based Fox-IT, a global threat intelligence firm to financial institutions, said.

“Without more evidence – such as whether the phishing websites were stealing credentials, serving malware, or both – it remains tough to draw definitive conclusions,” de Jong added. “Assessing the potential pool of victims might give you an idea about the motive, although that is, of course, not always clear-cut.”

Recent research sponsored by KnowBe4 shows email phishing attacks are now the number one source of data breaches with human error at the core. The study shows 67% of respondents say malware penetrated their corporate networks through email, with web surfing a close second at 63%. Another 23% say malware has infiltrated their networks but they still don't know how. The latest Verizon report shows that approximately 23% of recipients click on a phishing email. Recovering from such a tactic, even if backup works, can take hours or days.


© 2024 ALM Global, LLC, All Rights Reserved.