Department of Homeland Security email accounts exposed in SolarWinds hack
Email accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors.
The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply chain attack.
SolarWinds, the central entry point, was compromised in December by threat actors who were able to plant a malicious Orion software update that was deployed to thousands of organizations, including Microsoft, FireEye, the US Department of the Treasury, the Cybersecurity and Infrastructure Security Agency (CISA), and the DHS, among many others.
According to the news agency, the DHS breach gave suspected Russian cybercriminals access to email accounts belonging to the Trump administration’s former DHS chief, then acting secretary Chad Wolf.
Based on interviews with past and current US government officials, who chose to remain anonymous, the AP reports that other DHS officials have also been targeted, including staff members charged with investigating foreign cybersecurity threats.
Wolf and others had to use new phones and communicate through the Signal encrypted messaging platform in the days following the security fiasco.
A DHS spokesperson said a “small number of employee accounts” were targeted in the breach and there are no longer any indicators of compromise.
General Paul Nakasone, the head of United States Cyber Command (USCYBERCOM), said last week that Russia is a “sophisticated cyber adversary” that is on the radar when it comes to national security, in the same way as China, North Korea and Iran.
“Moscow conducts effective cyber espionage and other operations and has integrated cyber activities into its military and national strategy,” Nakasone said. “Despite public exposure and indictments by Russian cyber actors, Russia remains focused on shaping the global narrative and exploiting American networks and cyber systems.”
The commander added that in light of the SolarWinds breach, the United States is considering a “range of options” to address cybersecurity risks in 2021 and beyond.
The United States named Russia as the “likely” culprit in the SolarWinds hack in January and called the incident an “intelligence-gathering effort.”
Russia has denied any involvement.