29 March 2021

AP: SolarWinds hackers got access to top DHS officials' emails



A threat actor behind the massive SolarWinds hacking campaign gained access to email accounts belonging to the Trump administration's head of the Department of Homeland Security and to members of the department's cybersecurity team responsible for detecting threats from foreign countries, The Associated Press reported.

In December 2020, the cybersecurity firm FireEye revealed a widespread hacking campaign involving weaponized updates for the SolarWinds Orion software from Texas-based SolarWinds Inc. The cyber-espionage campaign affected at least nine US federal agencies, along with dozens of private-sector companies. U.S. authorities have said the breach appeared to be the work of Russian hackers. Russia has denied any involvement in the breach.

According to AP, the hackers accessed email accounts of then-acting Secretary Chad Wolf and his staff, as well as private schedules of the US Department of Energy’s top officials.

Current and former U.S. government officials told AP that in the days after the attack Wolf and other top Homeland Security officials used new phones that had been wiped clean and used the popular encrypted messaging system Signal for communication.

According to a former administration official, who confirmed the Federal Aviation Administration was among the agencies affected by the SolarWinds breach, the agency was struggling to effectively respond to the threat because of outdated technology and for weeks was unable to identify how many servers it had running SolarWinds software.

At least one other Cabinet member besides Wolf was affected. The hackers were able to obtain the private schedules of officials at the Energy Department, including then-Secretary Dan Brouillette, one of the sources told AP.

According to DHS spokeswoman Sarah Peck, “a small number of employees’ accounts were targeted in the breach” and the agency “no longer sees indicators of compromise on our networks.”
