Suspected Russian SolarWinds Hack Compromised Homeland Security Department

The Department of Homeland Security (DHS) is one of at least three major federal agencies that were targeted by a cyberattack conducted earlier this year, according to reports by Reuters and The Wall Street Journal.

SolarWinds, an IT company that serves more than 300,000 customers, including several federal and state agencies in the U.S., said it alerted approximately 33,000 of its customers about the attack on Sunday. The company said in a U.S. Securities and Exchange Commission (SEC) filing on Monday that fewer than 18,000 customers are believed to have been affected.

The Commerce Department confirmed to Newsweek that one of its bureaus was targeted in the attack, which SolarWinds said is believed to have affected some customers who downloaded or updated its Orion products between March and June of this year. The Treasury Department was also affected by the attack, according to the Associated Press.

Reuters and The Wall Street Journal reported on Monday afternoon that individuals familiar with the investigation identified the DHS as another major federal agency targeted in the attack.

In a statement to Newsweek, DHS Assistant Secretary for Public Affairs Alexei Woltornist acknowledged there were breaches "across the federal government."

"The Department of Homeland Security is aware of cyberbreaches across the federal government and working closely with our partners in the public and private sector on the federal response," the statement said. "As the federal lead for cyberbreaches of civilian federal agencies, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has already issued Emergency Directive 21-01 to the federal government to address compromises related to SolarWinds."

Woltornist said CISA will provide updates as more information becomes available and encouraged individuals with information about the attack or any other breaches to contact CISA officials.

Shortly after SolarWinds alerted its customers about the breach, CISA directed all federal civilian agencies that use Orion products to shut down or disconnect them so they could assess whether the cyberattack affected their organizations. CISA's acting director, Brandon Wales, said in a statement that the attack posed "unacceptable risks to the security of federal networks."

Last night we issued an emergency directive to mitigate the compromise involving SolarWinds Orion products: We urge all our partners—in the public & private sectors—to assess their exposure to this compromise and to secure their networks.

— Cybersecurity and Infrastructure Security Agency (@CISAgov) December 14, 2020

SolarWinds said in its Monday SEC filing that it is investigating to determine which of its customers have been affected by the attack. The company said it "has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state" and said it is investigating to identify the perpetrators.

Experts told the AP that Russian hackers are believed to be behind the cyberattack, though a Kremlin spokesperson denied the accusations and told reporters that Russia was not responsible.

Newsweek reached out to CISA for comment but did not receive a response in time for publication.