Department of Homeland Security email accounts exposed in SolarWinds hack

Reports suggest Russian threat groups accessed DHS emails during the SolarWinds fiasco.

Email accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors. 

The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply-chain attack. 

SolarWinds, the central point of entry, was compromised by threat actors in December who were able to plant a malicious Orion software update that was deployed to thousands of organizations, including Microsoft, FireEye, the US Treasury Department, the Cybersecurity and Infrastructure Agency (CISA), and the DHS, among many others.

According to the news agency, the DHS breach allowed suspected Russian cybercriminals to access email accounts belonging to the Trump administration's former head of the DHS, then-acting Secretary Chad Wolf. 

Based on interviews with past and current US government officials, who chose to remain anonymous, the AP reports that other DHS officials were also targeted including members of staff focused on investigating foreign cybersecurity threats. 

Wolf, and others, were required to use new phones and to communicate via the Signal encrypted messaging platform in the days after the security fiasco. 

A DHS spokesperson said a "small number of employee accounts" were targeted in the breach and there are no longer any indicators of compromise. 

General Paul Nakasone, the leader of United States Cyber Command (USCYBERCOM), said last week that Russia is a "sophisticated cyber adversary" which is on the radar when it comes to national security, in the same manner as China, North Korea, and Iran.

"Moscow conducts effective cyberespionage and other operations and has integrated cyber activities into its military and national strategy," Nakasone said. "Despite public exposure and indictments of Russian cyber actors, Russia remains focused on shaping the global narrative and exploiting American networks and cyber systems."

The commander added that in light of the SolarWinds breach, the US is considering a "range of options" to combat cybersecurity risks during 2021 and beyond.

The US named Russia as the "likely" culprit behind the SolarWinds hack in January, and labeled the incident as "an intelligence-gathering effort". 

Russia has denied any involvement.  
