Hackers accessed emails of top DHS officials as part of SolarWinds breach: report

Hackers involved in what has become known as the SolarWinds breach accessed email accounts of top officials at the Department of Homeland Security (DHS) along with other personal information of senior federal officials, The Associated Press reported Monday. 

According to the AP, former acting DHS Secretary Chad Wolf’s email account was breached as part of the wide-reaching effort by suspected Russian hackers, along with the email accounts of DHS employees responsible for carrying out cybersecurity activities. 

The incident, which is one of the largest cybersecurity breaches in U.S. history, also reportedly allowed the hackers to access the private schedules of former Energy Secretary Dan Brouilette and other senior officials at the agency. A spokesperson for the Department of Energy told The Hill the agency “has found no evidence the network that maintains senior officials’ schedules was compromised.”

A spokesperson for DHS did not directly confirm the extent of the breach Monday, but told The Hill in a statement that “a small number of employees’ accounts were targeted.”

“A widespread intrusion campaign targeted many federal government and private sector entities, including DHS,” the spokesperson said. “Upon learning about the campaign, the Department took immediate steps to respond to the incident, including leveraging response teams from CISA and private sector partners, to continue executing its mission.”

“The Department no longer sees indicators of compromise on our networks and remains focused on further securing our networks against future attacks, integrating lessons learned from this incident,” the spokesperson added. “However, this widespread intrusion campaign has again shown that our strategic adversaries are sophisticated, persistent, and have increasing capabilities.”

The DHS spokesperson stressed that the agency is evaluating “lessons learned” and working with the White House on ensuring that federal cybersecurity defenses could be built up and modernized. Some of these efforts would be funded through use of $650 million that was included in the recent COVID-19 relief package for DHS’s Cybersecurity and Infrastructure Security Agency (CISA). 

“As the Department charged with leading federal civilian cybersecurity efforts, we look forward to continuing our work, and working with other agencies to enhance the federal government’s cybersecurity posture, including by using the funds recently made available through the American Rescue Plan for this effort,” the DHS spokesperson said. 

The report comes as the Biden administration is still working to determine the extent of the SolarWinds hack. The incident, first discovered in December but ongoing for around a year, involved what U.S. intelligence agencies have assessed was “likely” Russian hackers exploiting vulnerabilities in software from IT group SolarWinds to access customer networks, along with other avenues.

A White House official said in February that at least nine federal agencies and 100 private sector groups had been compromised as part of the breach, and press secretary Jen Psaki has said multiple times to expect a response to Russian cyber aggression in “weeks, not months.”

Emily Horne, spokesperson for the White House’s National Security Council, said in a statement provided to The Hill on Monday that “cybersecurity is a top priority for the Biden administration.”

“The United States government, coordinated by Deputy National Security Advisor for Cyber Anne Neuberger, is working around the clock to continue to make the investments necessary to effectively defend the nation against malicious cyber activity,” Horne said.

She noted that Biden had been “briefed and is tracking” both the SolarWinds hack and the more recently uncovered vulnerabilities in Microsoft’s Exchange Server application, which allowed at least one Chinese state-sponsored group to access data from thousands of organizations. 

“The White House is working with our public and private partners, keeping Congress updated, actively driving efforts to reduce the impact, and defining the next steps we need to take on Solar Winds and Microsoft,” Horne said. “There will be an executive order coming shortly that includes initiatives to proactively reduce the risk of compromises like SolarWinds and Exchange.”

Both the former Trump administration and the current Biden administration have taken steps to address the SolarWinds hack, with a cyber unified coordination group consisting of the FBI, CISA, the National Security Agency, and the Office of the Director of National Intelligence brought together to investigate the incident in early January. 

A senior Biden administration official told reporters earlier this month that federal agencies were in the midst of carrying out a process to “eradicate” the hackers from their systems, set to wrap up at the end of March.

“In our review of what caused SolarWinds, we saw significant gaps in modernization and in technology of cybersecurity across the federal government,” the senior official said. “We will be rolling out technology to address the specific gaps we identified, beginning with the nine compromised agencies. We want to make the federal government a leader, not a laggard, in cybersecurity.”

-Updated at 4:15 p.m.