‘Small number’ of DHS email accounts accessed during SolarWinds breach

The department's networks no longer appear compromised, but the new details aren't a good look for the home of the Cybersecurity and Infrastructure Security Agency.
Acting Secretary of Homeland Security Chad Wolf testifies at his Senate Homeland Security and Governmental Affairs Committee confirmation hearing on September 23, 2020 in Washington, D.C. (Greg Nash / Getty Images)

Hackers accessed a “small number” of Department of Homeland Security employees’ email accounts during the SolarWinds breach, according to an agency spokesperson.

The suspected Russian operatives successfully targeted then-acting Secretary Chad Wolf and cybersecurity threat hunters, forcing top DHS officials to get new phones with the encrypted messaging application Signal on them, the Associated Press first reported.

Still, the new details on the breach aren’t a good look for the department that’s home to the Cybersecurity and Infrastructure Security Agency, which just received a $650 million appropriation in the American Rescue Plan Act, in part, for SolarWinds recovery.

“The department no longer sees indicators of compromise on our networks and remains focused on further securing our networks against future attacks, integrating lessons learned from this incident,” the spokesperson said. “However, this widespread intrusion campaign has again shown that our strategic adversaries are sophisticated, persistent and have increasing capabilities.”


DHS activated response teams from CISA and the private sector to respond to the SolarWinds breach, which is known to have compromised at least nine agencies by the time it was discovered in December. The department remains in contact with employees affected by the breach for guidance and services, as the response is ongoing.

CISA shared with the White House best practices on the SolarWinds Orion eviction guidance it sent affected agencies, as well as detection and forensics tools, as the White House considers how to modernize cybersecurity.

The Biden administration has yet to issue a promised executive order on cyber modernization, or name a national cyber director, and continues to mull its options for retaliating against Russia.

Meanwhile, CISA has shifted its focus to developing capabilities for monitoring the insides of networks for anomalous activity to defend against future supply chain attacks like the SolarWinds hack. And the tech industry called on the Office of Management and Budget and General Services Administration to proactively fund urgent cybersecurity projects with Technology Modernization Fund dollars.
