This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.
The U.S. Department of Homeland Security (DHS) has been added to a growing list of targets in a major cyberattack by suspected Russian hackers, according to U.S. media reports on December 14.
A DHS statement did not confirm the reports, saying only that it was “aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response.”
Cyberattacks first revealed on December 13 hit the U.S. Treasury Department and the U.S. Commerce Department.
The DHS became the third department thought to be included in the attack, according to The Washington Post and Reuters, citing unidentified officials. DHS is responsible for border security and protecting the country from online attacks. It also plays a role in the distribution of the COVID-19 vaccine.
E-mails sent by officials at the DHS were monitored by the hackers as part of the sophisticated series of breaches, according to Reuters.
U.S. officials said Russian government hackers are believed to be behind the cyberattacks, both Reuters and The Washington Post reported, citing multiple unidentified sources.
The Russian Embassy in Washington denied any involvement, calling the accusation “unfounded.”
“Russia does not conduct offensive operations in the cyber domain,” the Russian Embassy said in a statement on its web page.
“Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests, and our understanding of interstate relations,” the statement says.
National Security Council (NSC) spokesperson John Ullyot said in a statement on December 14 that the NSC was working closely with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and affected departments and agencies “to coordinate a swift and effective whole-of-government recovery and response to the recent compromise.”
CISA, the FBI, and other agencies are investigating. CISA has also ordered federal agencies to immediately stop using technology products made by the company SolarWinds.
SolarWinds has admitted that hackers from an “outside nation state” inserted malicious code into updates of its network management software issued between March and June this year.
The company said up to 18,000 of its customers had downloaded the compromised updates, which allowed hackers to spy unnoticed.
The company’s software is also used by hundreds of thousands of organizations globally, including major corporations and the most sensitive parts of the U.S. and British governments.
A British government spokesman said the United Kingdom was not currently aware of any impact from the hack but was still investigating.
FireEye, a prominent cybersecurity company that was breached in connection with the incident, said in a blog post that targets included government, technology, and telecommunications companies in North America, Europe, Asia and the Middle East.
Many in the cybersecurity community suspect the Russian intelligence-linked hacking group known as APT29, or Cozy Bear, was behind the FireEye attack.
The same group was behind attacks on the State Department and White House during the administration of President Barack Obama, as well as the hack of the Democratic National Committee’s servers during the 2016 presidential campaign.