"SolarWinds Attackers Accessed DHS Emails, Report"
The SolarWinds cyberattackers used SolarWinds’ Orion network management platform to infect targets by pushing out a custom backdoor called Sunburst via trojanized product updates. Sunburst was delivered to almost 18,000 organizations around the globe, starting last March, before being discovered in December. With Sunburst embedded, the attackers were then able to pick and choose which organizations to penetrate further, in a massive cyberespionage campaign that has hit nine U.S. government agencies, tech companies like Microsoft, and 100 others hard.

According to anonymous government sources, it has recently been discovered that, as part of the federal government infiltration, the hackers were also able to access the email accounts of then-acting Secretary Chad Wolf and his staff. It is unclear whether the emails the hackers accessed contained classified information. Tim Wade, technical director on the CTO team at Vectra, stated that information classification protocols should have helped keep more sensitive details from being directly accessible and exposed without a hostile, foreign actor first finding access and exfiltration channels to classified networks. However, he also stated that even unclassified communication between sensitive parties could disclose a great deal of actionable intelligence if seen by the hackers.
Threatpost reports: "SolarWinds Attackers Accessed DHS Emails, Report"