The US Department of Homeland Security was the third federal department to be targeted in a major cyberattack, US media reported Monday, a day after Washington revealed the hack which may have been coordinated by a foreign government.
The Washington Post cited unnamed officials who said that the DHS — which is in charge of protecting the country from attacks both online and off — had been added to a growing list of targets in the attack, including the Treasury and Commerce departments.
A statement from DHS Monday did not confirm the report, saying only that it was “aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response.”
The Cybersecurity and Infrastructure Security Agency (CISA), which is attached to the DHS, on Sunday said it had ordered federal agencies to immediately stop using SolarWinds Orion IT products following reports that hackers had used a recent update to gain access to internal communications.
“We urge all our partners — in the public and private sectors — to assess their exposure to this compromise and to secure their networks,” said CISA Acting Director Brandon Wales.
SolarWinds over the weekend admitted that hackers had exploited a backdoor in an update of some of its software released between March and June.
The hacks are part of a wider campaign that also hit major cybersecurity firm FireEye, which said its own defenses had been breached by sophisticated attackers who stole tools used to test customers’ computer systems.
FireEye said it suspected the attack was state-sponsored, and warned it could have affected numerous high profile targets across the globe.
“This campaign may have begun as early as Spring 2020 and is currently ongoing,” FireEye said in a blog post.
The content the hackers have sought to steal — and how successful they have been — is not known at this time.
“We believe this is nation-state activity at significant scale, aimed at both the government and private sector,” said IT giant Microsoft, which is also investigating, in a blog…