
Suspected Russian hackers gained access to the email account of the former head of Homeland Security, among others.

WASHINGTON, DC – The AP has confirmed that the cyber criminals behind the SolarWinds attack successfully compromised the email account of Chad Wolf, former head of the Department of Homeland Security, and other members of his team.

In the attack, suspected Russian hackers used SolarWinds’ Orion platform to deploy malware-infested product updates. The compromised updates were delivered to almost 18,000 organizations worldwide from March 2020 through December 2020. Once hackers gained access via the updates, they were then able to pick and choose organizations to target further in a massive campaign that hit at least nine U.S. government agencies and tech companies like Microsoft.

It’s unknown whether the accessed email accounts contained highly sensitive government information.

Ongoing Federal Response

Part of the just-passed COVID-19 stimulus package was $650 million in funding for the Cybersecurity and Infrastructure Security Agency (CISA) to help with ongoing cyber-defense.

Additionally, President Joe Biden is expected to issue an executive order as soon as this week that will mandate a “software bill of materials” for all software and applications in use by the government. It would require a breakdown of the source of all code on the platforms, and would also require the use of multi-factor authentication and data encryption for federal agencies. Third-party vendors would be required to disclose any potential security issues, vulnerabilities or breaches to the government.

The Biden administration has selected Rob Joyce to lead the cybersecurity division at the National Security Agency. He inherited the job from Anne Neuberger, who left the post to serve as deputy national security adviser for the National Security Council, putting her in charge of cybersecurity for the entire federal government. At the time of this writing, Neuberger has been assigned to respond to the SolarWinds attack.
