Hackers breached DHS after alarms were twice ruled ‘false positives’


Hackers managed to find their way into the US Department of Homeland Security’s primary information sharing platform, gaining unfettered access to the HSIN network that hosts unclassified information that multiple US agencies and international rely on.

The hack allowed the attackers to modify server files, run malicious code and steal credential files while installing backdoors and deleting logs to remove their digital footprint.

Their movements were flagged twice by automated systems and analysts in May 2026, before being dismissed as a false positive each time before an active breach was declared a month later.

Read more…
Source:  TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Hacktivists call out Trump by hacking and defacing US Army websites

    July 7, 2026

    The U.S. Army has reportedly fixed two of its websites that had been defaced to display pro-Kurdish messages and to call out President Donald Trump, the latest case of hackers compromising systems run by the federal government in recent months. Security researcher Ronald Lovelace told Cyberscoop, which first reported the defacements, that error pages were modified on two U.S. Army ...

  • NetNut cracked as Google and FBI target 2 million-device botnet

    July 3, 2026

    Tech companies working with US law enforcement “significantly degraded” the NetNut residential proxy network as part of an ongoing effort to disrupt the tools cybercriminals use to conceal their activity, say researchers. The work was carried out by Google, Lumen, Shadowserver, the FBI, and others, and marks a continuation of the IPIDEA proxy network disruption from January. According to Google Cloud, ...

  • FBI: Cyber Criminal Group TeamPCP

    July 2, 2026

    The Federal Bureau of Investigation (FBI) is releasing this FLASH to highlight the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the cyber criminal group TeamPCP. TeamPCP actors have conducted large-scale software supply chain compromises by targeting widely used developers and security tools, gaining access to victim environments and extracting sensitive ...

  • Hackers breached DHS information-sharing network

    June 30, 2026

    A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter. DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on ...

  • Nearly 400 illegal World Cup 2026 streaming sites taken offline by US DOJ

    June 30, 2026

    Almost 400 domains have been seized as part of Operation Offsides – a coordinated global effort to take down sites illegally streaming the FIFA World Cup 2026. The sites were seized by the US Justice Department’s Criminal Division for violating copyright and intellectual property law. The takedowns were coordinated by members of the International Computer Hacking and ...

  • Russian Intelligence Services Continue to Target Commercial Messaging Applications

    June 26, 2026

    The FBI and CISA are issuing this update to the March 20, 2026, Public Service Announcement I-032026-PSA to provide additional information to the public and encourage device owners to take actions to protect themselves. The FBI has identified multiple clusters of Russian Intelligence Services (RIS) cyber threat actors responsible for an ongoing commercial messaging application (CMA) phishing campaign against individuals of high ...