Fallout from SolarWinds Attack Continues, DHS Emails Accessed
More information from the attack on SolarWinds continues to come out; current and former administration sources say the nation-state attackers were able to read Homeland Security Secretary’s emails, among others.
The SolarWinds cyberattackers compromised the head of the Department of Homeland Security (DHS) under former president Trump and other top-ranking members of the department’s cybersecurity staff, according to a report.
In the campaign, adversaries were able to use SolarWinds’ Orion network management platform to infect targets by pushing out a custom backdoor called Sunburst via trojanized product updates. Sunburst was delivered to almost 18,000 organizations around the globe, starting last March, before being discovered in December. With Sunburst embedded, the attackers were then able to pick and choose which organizations to further penetrate, in a massive cyberespionage campaign that has hit nine U.S. government agencies, tech companies like Microsoft and 100 others hard.
The Associated Press reported that as part of the federal government infiltration, the hackers were able to access the email accounts of then-acting Secretary Chad Wolf and his staff, according to anonymous government sources.
In the wake of the discovery of the massive operation, DHS officials, including Wolf, switched to using new mobile phones with Signal encrypted messaging to communicate, officials told the AP.
DHS spokesperson Sarah Peck told the outlet that “a small number of employees’ accounts were targeted in the breach” and that the agency “no longer sees indicators of compromise on our networks.”
It’s unclear whether the information in the emails was of a classified nature.