Russia-linked hackers were able to access email accounts belonging to US Department of Homeland Security (DHS) officials during the SolarWinds supply chain attack.
“Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned,” reads the report published by the Associated Press.
The cyber espionage group tampered with software updates released by the IT company SolarWinds, which supplies its products to government agencies, the military, and intelligence offices.
Nation-state actors, allegedly Russia-linked hackers, compromised the networks of several US government agencies, including the US Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on internal email traffic.
A report published by the Washington Post, citing unnamed sources, attributed the attacks to APT29 or Cozy Bear, the Russia-linked APT that’s believed to have recently compromised the top cybersecurity firm FireEye.
FireEye confirmed that a threat actor tracked as UNC2452 had used trojanized SolarWinds Orion business software updates to distribute a backdoor tracked as SUNBURST.
The attacks are the work of a highly-skilled threat actor and the operation was conducted with significant operational security, FireEye explained.
Now the reports published by the Associated Press confirm that the hackers had access to the email accounts belonging to the former head of the DHS, then-acting Secretary Chad Wolf, under the Trump administration.
In response to the intrusion, Wolf and other top Homeland Security officials were instructed to communicate via new, clean devices and to use the encrypted messaging app Signal for their communications.
“The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion, and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.” continues the report.
DHS spokesperson Sarah Peck explained that only “a small number of employees’ accounts were targeted in the breach.” Government staff immediately worked to secure their systems and lock out the threat, and according to Peck the agency “no longer sees indicators of compromise on our networks.”
According to the AP reports, the cyberspies also targeted DHS staff members who were investigating foreign cybersecurity threats.
Gen. Paul Nakasone, the chief of US cyber command, declared last week that the Biden administration is considering a “range of options” in response to the SolarWinds attack.