A threat actor behind the massive SolarWinds hacking campaign gained access to email accounts belonging to the Trump administration's head of the Department of Homeland Security and members of the department's cybersecurity team responsible for detecting threats from foreign countries, The Associated Press reported.
In December 2020, the cybersecurity firm FireEye revealed a widespread hacking campaign involving weaponized updates for the SolarWinds Orion software from Texas-based SolarWinds Inc. The cyber-espionage campaign affected at least nine US federal agencies, along with dozens of private-sector companies. U.S. authorities have said the breach appeared to be the work of Russian hackers. Russia has denied any involvement in the breach.
According to AP, the hackers accessed email accounts of then-acting Secretary Chad Wolf and his staff, as well as private schedules of the US Department of Energy’s top officials.
Current and former U.S. government officials told AP that in the days after the attack Wolf and other top Homeland Security officials used new phones that had been wiped clean and used the popular encrypted messaging system Signal for communication.
According to a former administration official, who confirmed the Federal Aviation Administration was among the agencies affected by the SolarWinds breach, the agency was struggling to effectively respond to the threat because of outdated technology and for weeks was unable to identify how many servers it had running SolarWinds software.
At least one other Cabinet member besides Wolf was affected. The hackers were able to obtain the private schedules of officials at the Energy Department, including then-Secretary Dan Brouillette, one of the sources told AP.
According to DHS spokeswoman Sarah Peck, “a small number of employees’ accounts were targeted in the breach” and the agency “no longer sees indicators of compromise on our networks.”