According to a report by the Associated Press, attackers behind the SolarWinds hack gained access to email accounts of top officials from the Department of Homeland Security. Email accounts that were compromised include those belonging to the then-secretary Chad Wolf and the department’s cybersecurity staff.
AP’s report states that the actual value of the information the hackers might’ve obtained through these emails is not publicly known. Still, the event represents a symbolic defeat since those in charge of protecting the US from foreign cyber threats ended up being the victims of such an attack. This, understandably, causes worry both in cybersecurity circles and among the general public.
The Texas-based SolarWinds is a renowned IT and network management company with a long list of high-profile clients. Once its security was compromised, the cyberattack spread to all the clients, including top-tier US government agencies and numerous private firms.
The SolarWinds hack was discovered last December by the top-class cybersecurity firm FireEye, which also fell victim to the attack. What’s worrying is that a private company, not a government agency, discovered the hack. This prompted a discussion on the state of the United States’ cybersecurity defenses.
The issue came to the fore once again this month, when Microsoft’s email server software was hacked. Once again, the attack was not discovered by the DHS but by a private cybersecurity company.
According to top US cybersecurity experts, the SolarWinds hack exposed ‘climate change’ levels of vulnerability to foreign attacks. The experts expressed the need for a substantial change in how the US approaches its cyber defenses. Otherwise, the next big attack could cause much more damage. President Joe Biden is facing mounting pressure to undertake some sort of retaliatory action for the hack.