SolarWinds Attackers ‘Accessed Emails’ Of Top US Officials

Matthew Broersma,
The White House. Image credit: US government

SolarWinds hackers accessed email accounts of head of Department of Homeland Security and DHS cybersecurity staff, probe finds

The SolarWinds hackers obtained access to the then-head of the US’ Department of Homeland Security and members of the department’s cybersecurity staff, the Associated Press reported.

The DHS confirmed that a “small number” of staff accounts were targeted in the wide-ranging hacking campaign.

The agency said it “no longer sees indicators of compromise on our networks”.

At an earlier Congressional hearing, representative Pat Fallon indicated that a DHS secretary’s email had been hacked, without providing details.

HSBC, security, hacking, solarwindsCyber-espionage

The AP said it was able to identify then-acting DHS secretary Chad Wolf as the official affected.

Wolf declined to comment other than to say he had used multiple email accounts in the role.

The other DHS staff breached included employees involved in hunting cyber-threats from foreign countries, the AP said.

The news agency said it had interviewed more than a dozen current and former US government officials.

US officials have said they believe Russian state-backed hackers were behind the SolarWinds attack, which compromised at least nine US federal agencies and 100 private companies.

General Paul Nakasone, leader of the Pentagon’s cyber-security force, said last week the administration is considering a “range of options” in retaliation.

Security ‘gaps’

The administration has also said it is planning an executive order to address “significant gaps” in modernising the federal government’s security.

The order could reportedly also require many software vendors to notify their federal government customers in the event of a cybersecurity breach.

A recently approved US stimulus package includes $650 million (£471m) in funding for the Cybersecurity and Infrastructure Security Agency (CISA), partly intended for SolarWinds remediation efforts.

Another wide-ranging hack affecting Microsoft Exchange servers also began as a state-backed hacking effort launched by China, according to Microsoft, but has largely affected private-sector organisations.