Homeland Security Latest Breach Victim Of Russian Hackers: Report

Russian government hackers who compromised the U.S. Treasury and Commerce Departments have another victim on their hands: the U.S. Department of Homeland Security, Reuters said.

People familiar with the matter told Reuters that a team of sophisticated hackers believed to be working for the Russian government won access to internal Homeland Security communications. Department of Homeland Security spokesman Alexei Woltornist said the department is aware of reports of a breach and is currently investigating the matter.

“The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response,” Woltornist said in a statement.

[Related: 10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact]

National security agencies and defense contractors have also been compromised as part of this campaign, Wall Street Journal cybersecurity reporter Dustin Volz said on Twitter. Volz and The Washington Post are also reporting that Homeland Security has been breached.

The massive Homeland Security bureaucracy is responsible for border security, cybersecurity and most recently the secure distribution of the COVID-19 vaccine, according to Reuters. The Russian intelligence service hackers behind this campaign - also known as APT29 – had previously attempted to steal coronavirus vaccine research and data, according to The Washington Post.

The Post reported Sunday that APT29 was behind the Treasury and Commerce departments compromises, the attack on FireEye disclosed Tuesday, as well as attacks on other U.S. government agencies. The breaches have been taking place for months and may amount to an operation as significant as the State Department and White House hacks during the Obama years, The Post said.

There is concern within the U.S. intelligence community that the hackers who targeted Treasury and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies, Reuters reported Sunday. The hack is so serious it led to a National Security Council meeting at the White House on Saturday, according to Reuters.

APT29 also compromised the Democratic National Committee servers in 2015 but didn’t end up leaking the hacked DNC material. Instead, the Russian military spy agency GRU separately hacked the DNC and leaked its emails to WikiLeaks in 2016, The Post said. APT29 hacks for espionage purposes, stealing secrets that can be useful for the Kremlin to understand the plans of politicians and policymakers.

A FireEye blog post states that hackers gained access to numerous public and private organizations through trojanized updates to SolarWinds’ Orion software, but didn’t disclose the identity of any of the victims. Media reports have attributed attacks on the U.S. Treasury and Commerce Departments as well as FireEye to a vulnerability in the Orion products, but SolarWinds said Monday it’s still investigating.

SolarWinds’ stock plunged 16.60 percent -- or $3.91 -- in trading Monday morning to $19.64 per share, which is the lowest the company’s stock has traded since Sept. 25. FireEye’s stock, meanwhile, has dropped 11 percent -- or $1.70 -- to $13.82 per share since the hack was disclosed after the market closed Tuesday.