Suspected Russian hackers managed to access the emails of Donald Trump’s last Department of Homeland Security (DHS) chief, in an intelligence coup for the Kremlin, according to a new report.
AP spoke to more than a dozen current and former US officials to discover more about the impact of the infamous SolarWinds attacks, which compromised at least nine federal agencies.
Email accounts belonging to then-acting secretary Chad Wolf were reportedly compromised by attackers during the months-long campaign, although it’s not clear what information was taken. Email accounts belonging to cybersecurity staff whose job it was to tackle foreign cyber-threats were also apparently affected.
The report revealed that another cabinet secretary, the Energy Department’s Dan Brouillette, was affected by the attacks. However, only non-confidential schedules were apparently taken.
What emerges from the interviews with anonymous officials is frustration at the inability of government IT systems to first detect the attack, which was initially flagged by FireEye, and then understand the scale of the impact.
For example, the Federal Aviation Administration (FAA) first said it was not affected by the operation, then was forced to issue a second statement a few days later admitting that its investigations were continuing.
In the end it emerged the agency was breached by the attackers, but struggled for weeks to work out how many of its servers were running SolarWinds software, according to AP.
Tim Wade, technical director at Vectra, said the news about Wolf’s emails may not be as bad as it sounds.
“We should expect that, if followed, protocols related to information classification should have precluded more sensitive details from being directly accessible and exposed without a hostile, foreign actor first finding access and exfiltration channels on classified networks,” he argued.
“Nonetheless, even unclassified communication between sensitive parties can disclose a great deal of actionable intelligence — the concerns raised by this story should not be understated.”
Source: Infosecurity Magazine