Report: Massive Russian Hack Effort Breached DHS, State Department And NIH

WASHINGTON, USA - MARCH 7: The Department of Homeland Security logo is seen on a law enforcement vehicle in Washington, United States on March 7, 2017. (Photo by Samuel Corum/Anadolu Agency/Getty Images)

The Department of Homeland Security, the State Department and the National Institutes of Health on Monday joined a growing list of government agencies targeted in a digital spying operation by Russia whose damage remains unclear but is thought to be extensive, the Washington Post reported late Monday.

The fact that the department responsible for keeping the nation safe from cyber attacks was victimized raises questions about the effectiveness of government efforts to protect against digital spying.

The list of victims of the cyberespionage had already included the Treasury and Commerce departments, but the list of targets is expanding and likely includes more federal agencies and numerous private companies, officials familiar with the matter told the Post.

In a federal securities filing on Monday, SolarWinds reported that “fewer than 18,000” of its customers may have been affected in the attack. The figure represents just a fraction of the more than 300,000 customers worldwide of the maker of the popular network-management software, but still represents a significant group of important networks that includes the Pentagon and the White House. Russia has denied any role in the spying effort, the Post said.

According to the Post, DHS spokesman Alexei Woltornist said that the department is aware of reports of a breach and is investigating the matter. 

The Russian Foreign Intelligence Service (SVR) is thought to be behind the campaign, which has been running since at least the spring. The hackers gained access to their victims’ systems by compromising routine software patches sent to these systems by SolarWinds.

Experts told the Post that the nature of the hacks indicated that the attackers were focused on high-value targets, although the spying effort so far appears to be the work of a part of Russian intelligence that has little known record of advancing online disinformation campaigns like the ones seen during the 2016 presidential elections.

FireEye, a top cybersecurity firm that was also breached, discovered through its own investigation that SolarWinds had been compromised. The firm described the victims as including “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.”

“We anticipate there are additional victims in other countries and verticals,” the firm said.

Hackers stole potent cyberattack tools that FireEye used for research purposes, according to the Post.

John Hultquist, manager of analysis at FireEye, told the Post that intruders are “still in these organizations. There are a lot of information-security teams right now who are probably going to be working on this problem through Christmas.”

The details of what was taken, and from whom, in the Russian operation are not yet public. The operation dates at least as far back as March and was described as active as recently as Sunday.


Notable Replies

  1. I’m old enough to remember when Republicans truly believed Russians were evil.

    And our enemies.

    Not comrades.

    Memories…

  2. Of course this would be after Cheetolini fired the head of cybersecurity…whether or not he is an active Russian agent, Trump is damn sure doing everything a Russian agent would do in his place.

  3. scavok says:

    There would have been a lot more systems compromised if organizations had kept up to date on software patches.

    Sometimes it pays to wait…

  4. grack says:

    Other articles call it a “manual supply chain attack” which either means a hacker posed as an engineer and got hired at one of these companies or used some type of social+actual engineering to pose as an employee to inject the malicious code. Clever. And also an act of war.

  5. Trump will have to fire the person that discovered this security breach. Certainly that discovery was not part of the scheme.
