430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Email accounts of DHS members were compromised in the SolarWinds hack

Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds hack. Russia-linked hackers were able to access email accounts belonging to US Department of Homeland Security (DHS) officials during the SolarWinds supply chain attack.  “Suspected Russian hackers gained access to email accounts belonging to the […]

DHS iran

Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds hack.

Russia-linked hackers were able to access email accounts belonging to US Department of Homeland Security (DHS) officials during the SolarWinds supply chain attack. 

“Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned.” states a report published by the Associated Press reports. 

The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices.

Nation-state actors, allegedly Russia-linked hackers, have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic.

A report published by the Washington Post, citing unnamed sources, attributed the attacks to APT29 or Cozy Bear, the Russia-linked APT that’s believed to have recently compromised the top cybersecurity firm FireEye.

FireEye confirmed that a threat actor tracked as UNC2452 had used a trojanized SolarWinds Orion business software updates to distribute a backdoor tracked as SUNBURST.

The attacks are the work of a highly-skilled threat actor and the operation was conducted with significant operational security, FireEye explained.

Now the reports published by the Associated Press agency confirmed that hackers has access to the email accounts belonging to the former head of the DHS, then-acting Secretary Chad Wolf, under the Trump administration.

In response to the intrusion, Wolf and other top Homeland Security officials were instructed to communicate via new clean devices and were instructed into using the encrypted messaging system Signal for their communications.

“The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion, and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.” continues the report.

DHS spokesperson Sarah Peck explained that only “a small number of employees’ accounts were targeted in the breach,” The goverment staff immediatelly worked to secure their systems and lock out the threat, according to Peck, the agency “no longer sees indicators of compromise on our networks..”

According to the AP reports, cyberspies also targeted DHS members of staff that were investigating foreign cybersecurity threats. 

Gen. Paul Nakasone, the chief of US cyber command, declared last week that the Biden administration is considering a “range of options” in response to the SolarWinds attack.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, DHS)

[adrotate banner=”5″]

[adrotate banner=”13″]