
Russian government hackers who compromised the U.S. Treasury and Commerce Departments have another victim on their hands: the U.S. Department of Homeland Security, Reuters said.
People familiar with the matter told Reuters that a team of sophisticated hackers believed to be working for the Russian government gained access to internal Homeland Security communications. Department of Homeland Security spokesman Alexei Woltornist said the department is aware of reports of a breach and is currently investigating the matter.
“The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response,” Woltornist said in a statement.
National security agencies and defense contractors have also been compromised as part of this campaign, Wall Street Journal cybersecurity reporter Dustin Volz said on Twitter. Volz and The Washington Post are also reporting that Homeland Security has been breached.
The massive Homeland Security bureaucracy is responsible for border security, cybersecurity and most recently the secure distribution of the COVID-19 vaccine, according to Reuters. The Russian intelligence service hackers behind this campaign, also known as APT29, had previously attempted to steal coronavirus vaccine research and data, according to The Washington Post.
The Post reported Sunday that APT29 was behind the Treasury and Commerce department compromises, the attack on FireEye disclosed Tuesday, as well as attacks on other U.S. government agencies. The breaches have been taking place for months and may amount to an operation as significant as the State Department and White House hacks during the Obama years, The Post said.
There is concern within the U.S. intelligence community that the hackers who targeted Treasury and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies, Reuters reported Sunday. The hack is so serious it led to a National Security Council meeting at the White House on Saturday, according to Reuters.
APT29 also compromised the Democratic National Committee servers in 2015 but didn’t end up leaking the hacked DNC material. Instead, the Russian military spy agency GRU separately hacked the DNC and leaked its emails to WikiLeaks in 2016, The Post said. APT29 hacks for espionage purposes, stealing secrets that can be useful for the Kremlin to understand the plans of politicians and policymakers.
A FireEye blog post states that hackers gained access to numerous public and private organizations through trojanized updates to SolarWinds’ Orion software, but didn’t disclose the identity of any of the victims. Media reports have attributed attacks on the U.S. Treasury and Commerce Departments as well as FireEye to a vulnerability in the Orion products, but SolarWinds said Monday it’s still investigating.
SolarWinds’ stock plunged 16.60 percent -- or $3.91 -- in trading Monday morning to $19.64 per share, which is the lowest the company’s stock has traded since Sept. 25. FireEye’s stock, meanwhile, has dropped 11 percent -- or $1.70 -- to $13.82 per share since the hack was disclosed after the market closed Tuesday.