SolarWinds hackers reportedly breached high-level DHS email accounts

The email for the acting secretary at the time, Chad Wolf, was among those breached in a hacking campaign attributed to Russian intelligence.

Laura Hautala

DHS officials in charge of catching foreign adversaries were hacked in the SolarWinds attack, the AP reported Monday.

The hackers behind the complex malware campaign known as the SolarWinds breach accessed high-level email accounts at the US Department of Homeland Security, according to an AP report. The accounts reportedly belonged to then-acting Secretary Chad Wolf, appointed by President Donald Trump in November 2019, as well as DHS officials in charge of identifying threats from foreign adversaries. 

The report Monday indicates that the suspected Russian hackers breached the email accounts of the very people in the Trump administration whose job it was to catch them. News sources reported in February that DHS was one target of the intrusions, which hit at least nine total federal agencies in addition to 100 private companies. The hackers used malware implanted in software made by SolarWinds, as well as vulnerabilities in software from other companies, to breach a variety of systems. 

The SolarWinds hack came to light in December 2020, when security experts at FireEye, Microsoft and CrowdStrike identified widespread malware on the corporate systems of their customers. Hackers had inserted the malware into a legitimate update to popular programs made by SolarWinds, a Texas-based IT software maker. Thousands of companies and government agencies installed the update, and the hackers then focused on a smaller group of targets.

DHS didn't immediately reply to a request for comment on Monday. According to the AP, Wolf and other officials used the encrypted chat service Signal on new phones to communicate in the days after the attack.