Emails sent by officials at DHS, which oversees border security and defense against hacking, were monitored by the hackers as part of the sophisticated series of breaches, three people familiar with the matter told Reuters Monday.
Technology company SolarWinds, which was the key steppingstone used by the hackers, said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months.
The United States issued an emergency warning on Sunday, ordering government users to disconnect SolarWinds software which it said had been compromised by “malicious actors.”
That warning came after Reuters reported suspected Russian hackers had used hijacked SolarWinds software updates to break into multiple American government agencies, including the Treasury and Commerce departments. Moscow denied having any connection to the attacks.
One of the people familiar with the hacking campaign said the critical network that the Department of Homeland Security’s cybersecurity division uses to protect infrastructure, including the recent elections, had not been breached.
DHS is a massive bureaucracy among other things responsible for securing the distribution of the COVID-19 vaccine.
The cybersecurity unit there, known as CISA, has been upended by President Trump’s firing of head Chris Krebs after Krebs called the presidential election the most secure in American history. His deputy and the elections chief have also left.
The Pentagon said on Monday it is aware of the reports but was not able to comment on “specific mitigation measures or specify systems that may have been impacted.”
The National Security Agency and Joint Force Headquarters Commanders issued guidance and directives to protect DoD networks and IT systems.
SolarWinds said in a regulatory disclosure it believed the attack was the work of an “outside nation state” that inserted malicious code into updates of its Orion network management software issued between March and June this year.
The attacks, first revealed Sunday, earlier hit the US departments of Treasury and Commerce.