The hackers behind the complex malware campaign known as the SolarWinds breach accessed high-level email accounts at the US Department of Homeland Security, according to an AP report. The accounts reportedly belonged to then-acting Secretary Chad Wolf, appointed by President Donald Trump in November 2019, as well as DHS officials in charge of identifying threats from foreign adversaries.
The report Monday indicates that the suspected Russian hackers breached the email accounts of the very people in the Trump administration whose job it was to catch them. News sources reported in February that DHS was one target of the intrusions, which hit at least nine total federal agencies in addition to 100 private companies. The hackers used malware implanted in software made by SolarWinds, as well as vulnerabilities in software from other companies, to breach a variety of systems.
The SolarWinds hack came to light in December 2020, when security experts at FireEye, Microsoft and CrowdStrike identified widespread malware on the corporate systems of their customers. Hackers had inserted the malware into a legitimate update to popular programs made by SolarWinds, a Texas-based IT software maker. Thousands of companies and government agencies installed the update, and then the hackers focused on a smaller group of targets.
DHS didn't immediately reply to a request for comment on Monday. According to the AP, Wolf and other officials used the encrypted chat service Signal on new phones to communicate in the days after the attack.