The Emails of the Department of Homeland Security exposed
Email Accounts Belonging to US Department of Homeland Security (DHS) Officials Seem to Have Been Exposed During the SolarWinds Attack.
The SolarWinds incident has shown us that there is no institution too big to be breached and no organization is completely safe from ransomware, and now we are seeing a new victim of this security incident.
Associated Press reports that unauthorized intrusions happened during the SolarWinds supply-chain attack, when SolarWinds, the central point of entry, was compromised by threat actors in December.
The attackers were able to plant a malicious Orion software update that was deployed and affected thousands of organizations like Microsoft, FireEye, the US Treasury Department, the Cybersecurity and Infrastructure Agency (CISA), and the DHS, among many others.
The DHS breach allowed the cybercriminals to access email accounts belonging to the Trump administration’s former head of the DHS, Secretary Chad Wolf, as well as other members of the staff focused on investigating foreign cybersecurity threats, making Wolf, and the others to start using new phones and communicate through the Signal encrypted messaging platform following this important security breach.
Using both automated and manual processes, we worked to determine the scope of SolarWinds Orion software products employed across the DoDIN. Each instance was immediately isolated and disconnected from DoD networks. Meanwhile, NSA worked to understand the adversary’s intent and illuminate additional tradecraft and infrastructure to inform threat detection and asset response activities. Finally, we prepared to support and assist other federal departments and the Defense Industrial Base in bounding their respective problems.
General Paul Nakasone, leader of United States Cyber Command (USCYBERCOM), declared just last week that Russia, which presumably is behind the attack, is a “sophisticated cyber adversary” and it’s closely watched when it comes to national security, same as China, North Korea, and Iran are.
Moscow conducts effective cyber espionage and other operations and has integrated cyber activities into its military and national strategy.
Despite public exposure and indictments of Russian cyber actors, Russia remains focused on shaping the global narrative and exploiting American networks and cyber systems.
In light of the SolarWinds breach, the US is considering a “range of options” to combat cybersecurity risks during 2021 and beyond, with the White House wanting to expand federal investments in infrastructure and to build an “unmatched talent base” able to protect the country from cyber threats, whilst elevating the international engagement on cyber issues, working closely with allies to uphold shape global norms in cyberspace.
The US believes that Russia is the “likely” culprit behind the SolarWinds hack that took place back in January, and labeled the incident as “an intelligence-gathering effort”, whilst Russia has denied any type of involvement in the matter.