Hackers breached DHS after alarms were twice ruled ‘false positives’


Hackers managed to find their way into the US Department of Homeland Security’s primary information sharing platform, gaining unfettered access to the HSIN network that hosts unclassified information that multiple US agencies and international rely on.

The hack allowed the attackers to modify server files, run malicious code and steal credential files while installing backdoors and deleting logs to remove their digital footprint.

Their movements were flagged twice by automated systems and analysts in May 2026, before being dismissed as a false positive each time before an active breach was declared a month later.

Read more…
Source:  TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Three Supermicro employees charged with conspiracy to smuggle restricted Nvidia chips to China

    March 20, 2026

    A federal investigation has been launched after the US Department of Justice charged three individuals for allegedly smuggling restricted Nvidia AI chips to China. The three men were not named in court documents, however a statement released by Super Micro Computer Inc. identified those involved. The smuggling allegedly occurred between 2024 and 2025, with billions of ...

  • Russian Intelligence Services Target Commercial Messaging Application Accounts

    March 20, 2026

    The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are jointly issuing this public service announcement (PSA) to warn the public about ongoing phishing campaigns by cyber actors associated with the Russian Intelligence Services (RIS) targeting commercial messaging applications (CMAs). RIS actors have compromised individual CMA accounts, but not CMAs’ encryption ...

  • Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets

    March 20, 2026

    The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate information on malicious cyber activity conducted by actors on behalf of the Government of Iran Ministry of Intelligence and Security (MOIS). Specifically, MOIS cyber actors are responsible for using Telegram as a command-and-control (C2) infrastructure to push malware targeting Iranian dissidents, journalists opposed to ...

  • Authorities disrupt world’s largest IoT DDoS botnets responsible for record breaking attacks targeting victims worldwide

    March 19, 2026

    ANCHORAGE, Alaska – The U.S. Justice Department participated in a court-authorized law enforcement operation today to disrupt Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid and Mossad Internet of Things (IoT) botnets. The operation was conducted simultaneously to law enforcement actions conducted in Canada and Germany, which targeted individuals who operated these botnets. ...

  • Unknown attackers exploit yet another critical SharePoint bug

    March 19, 2026

    Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims’ SharePoint servers, the US government warned. CVE-2026-20963 is a critical deserialization flaw in SharePoint that allows unauthenticated attackers to remotely execute code on the server without any user interaction, and Redmond fixed the issue as part of its January Patch Tuesday. At the ...

  • CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices

    March 19, 2026

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure systems for managing their fleets of employee devices after pro-Iran hackers broke into medical tech giant Stryker and mass-wiped thousands of its phones, tablets, and computers. The agency said on Thursday that it was urging companies to take action and confirmed it was ...