
Department of Homeland Security email accounts exposed in SolarWinds hack

Reports suggest Russian threat groups accessed DHS emails during the SolarWinds fiasco.
Written by Charlie Osborne, Contributing Writer on

Email accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors. 

The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply-chain attack. 

SolarWinds, the central point of entry, was compromised in December by threat actors who were able to plant a malicious Orion software update, which was deployed to thousands of organizations including Microsoft, FireEye, the US Treasury Department, the Cybersecurity and Infrastructure Agency (CISA), and the DHS, among many others.

According to the news agency, the DHS breach allowed suspected Russian cybercriminals to access email accounts belonging to the Trump administration's former head of the DHS, then-acting Secretary Chad Wolf. 

Based on interviews with past and current US government officials, who chose to remain anonymous, the AP reports that other DHS officials were also targeted, including members of staff focused on investigating foreign cybersecurity threats.

Wolf, and others, were required to use new phones and to communicate via the Signal encrypted messaging platform in the days after the security fiasco. 

A DHS spokesperson said a "small number of employee accounts" were targeted in the breach and there are no longer any indicators of compromise. 

General Paul Nakasone, the leader of United States Cyber Command (USCYBERCOM), said last week that Russia is a "sophisticated cyber adversary" which is on the radar when it comes to national security, in the same manner as China, North Korea, and Iran.

"Moscow conducts effective cyberespionage and other operations and has integrated cyber activities into its military and national strategy," Nakasone said. "Despite public exposure and indictments of Russian cyber actors, Russia remains focused on shaping the global narrative and exploiting American networks and cyber systems."

The commander added that in light of the SolarWinds breach, the US is considering a "range of options" to combat cybersecurity risks during 2021 and beyond.

The US named Russia as the "likely" culprit behind the SolarWinds hack in January, and labeled the incident as "an intelligence-gathering effort". 

Russia has denied any involvement.  
