The CGCIRT has discovered that when a user performs a search for the term CG Portal on www.google.com, the Google search engine returns a malicious site as the top choice. The result description appears to be the CG Portal external facing webpage describing our PKI enabled access from the internet; however, the actual link takes the user to a non Coast Guard address that contains links to malicious content.
The malicious site is currently blocked on the CGOne Network but the risk exists for any user who performs a www.google.com search for CG Portal from their home computers. These links have a potential to compromise computers with destructive malware. It poses a risk to the CGOne Network if the user connects via RAS to a Coast Guard system.
Please note that CG Portal’s Google search is not affected by this incident, only searches performed on www.google.com. When accessing any Coast Guard information system from home, users should always type the actual URL into their browsers, in this case https://cgportal.uscg.mil, vs performing a search for the information system.