U.S. Homeland Security and businesses respond to suspected Russian hack


(Reuters) — The U.S. Department of Homeland Security and thousands of businesses scrambled Monday to investigate and respond to a sweeping hacking campaign that officials suspect was directed by the Russian government.

Emails sent by officials at DHS, which oversees border security and defense against hacking, were monitored by the hackers as part of the sophisticated series of breaches, three people familiar with the matter told Reuters Monday.

The attacks, first revealed by Reuters Sunday, also hit the U.S. departments of Treasury and Commerce. Parts of the Defense Department were breached, the New York Times reported late Monday night, while the Washington Post reported that the State Department and National Institutes of Health were hacked. Neither of them commented to Reuters.

“For operational security reasons, the DoD will not comment on specific mitigation measures or specify systems that may have been impacted,” a Pentagon spokesperson said.

Technology company SolarWinds, which was the key steppingstone used by the hackers, said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months.

The United States issued an emergency warning on Sunday, ordering government users to disconnect SolarWinds software that it said had been compromised by “malicious actors.”

That warning came after Reuters reported suspected Russian hackers had used hijacked SolarWinds software updates to break into multiple U.S government agencies. Moscow denied having any connection to the attacks.

One of the people familiar with the hacking campaign said the critical network that DHS’ cybersecurity division uses to protect infrastructure, including the recent elections, had not been breached.

DHS said it was aware of the reports, without directly confirming them or saying how badly it was affected.

DHS is a massive bureaucracy responsible for securing distribution of the COVID-19 vaccine, among other things.

The cybersecurity unit there, known as CISA, has been upended by U.S. President Donald Trump’s firing of head Chris Krebs after Krebs called the recent presidential election…

Source…