The Department of Homeland Security (DHS) was successfully breached as part of a major attack on U.S. federal agencies by suspected Russian hackers, Reuters reported Monday.
Reuters cited “people familiar with the matter” in reporting that hackers believed to be working for the Russian government had successfully gained access to internal communications within DHS.
DHS spokesperson Alexei Woltornist did not directly confirm the breach, but told The Hill that “the Department of Homeland Security is aware of reports of a breach” and “are currently investigating the matter.”
The report comes the day after Reuters first reported that both the Treasury Department and the Commerce Department’s National Telecommunications and Information Administration had also been breached as part of an attack backed by a foreign government. The Washington Post attributed the breach to a prolific Russian military hacking group known as “Cozy Bear.”
The incident involved the hackers taking advantage of a vulnerability in software from IT vendor SolarWinds used by multiple federal agencies, along with the majority of U.S. Fortune 500 companies.
Earlier on Monday, Woltornist put out a separate statement noting that “The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response.”
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) put out an emergency directive on Sunday night telling all federal agencies to immediately disconnect systems running SolarWinds products, giving agencies until noon on Monday to report to CISA that they had completed this process.
“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation,” acting CISA Director Brandon Wales said in a statement on Sunday.