Russian threat groups accessed email accounts of DHS members during the SolarWinds attacks.
Russia-linked hackers accessed the email accounts of US Department of Homeland Security (DHS) officials during the SolarWinds supply chain attack.
According to a report published by the Associated Press, the suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries.
The hacker group tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices.
The cyber espionage group compromised the networks of several US government agencies, including the US Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA).
According to sources, the attacks have been attributed to the Russia-linked APT known as APT29 or Cozy Bear.
The hackers accessed the email accounts belonging to the former head of the DHS, then-acting Secretary Chad Wolf, under the Trump administration.
In response to the intrusion, Wolf and other top Homeland Security officials were instructed to communicate via new clean devices and to use the encrypted messaging system Signal for their communications.
The report states that the accounts were accessed as part of the SolarWinds intrusion, and it raises the question of how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.
According to Sarah Peck, a DHS spokesperson, only a small number of employees’ accounts were targeted in the breach. The government staff immediately worked to secure their systems and lock out the threat, and the agency no longer sees any indicators of compromise on its networks.