DHS confirms hackers breached HSIN info-sharing platform
The Department of Homeland Security is investigating a cyberattack that compromised the Hom 2026-7-1 17:46:14 Author: www.bleepingcomputer.com(查看原文) 阅读量:4 收藏

DHS

The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners.

The intrusion, first reported by Nextgov, was carried out by an unknown threat actor in recent weeks and is believed to have occurred sometime between late May and early June, according to two people familiar with the matter who spoke on the condition of anonymity.

DHS is currently investigating the attack and has reportedly not attributed it to any specific threat actor or foreign governments. Whether any documents were stolen from the system also remains unclear.

image

According to Nextgov's sources, the threat actors targeted HSIN servers as well as a SharePoint system used for collaboration efforts. The department's Office of Intelligence and Analysis has since conducted a damage assessment of the breach.

The Homeland Security Information Network is a DHS platform for sharing sensitive but unclassified information among government, international, and private-sector partners.

Approved users can use the network to access data, exchange requests with partner agencies, manage operations, coordinate safety and security for planned events, respond to incidents, and share critical information needed to protect their communities.

The platform supports real-time communication, alerts, and incident management, and is also used to exchange information about persons of interest and potential threats.

As the United States is currently overseeing security for World Cup games hosted across the country, Nextgov raised concerns that the breach could have exposed security planning, interagency coordination, or response procedures.

In a statement, a DHS spokesperson confirmed the incident to BleepingComputer while emphasizing that classified systems were not affected.

"The Department of Homeland Security is aware of a recent cyber incident involving a specific, unclassified legacy information sharing environment," DHS told BleepingComputer.

"We immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation. There is no indication that classified networks were impacted, and the system remains operational for our partners. As this is an ongoing investigation, we cannot provide further operational details at this time."

HSIN previously suffered a security incident in 2023, when an access misconfiguration linked to a contractor's coding error exposed restricted data within HSIN-Intel, the platform's intelligence section.

The error, detailed in an internal DHS memo seen by Wired, set access permissions to "everyone" rather than a limited group of authorized users, exposing information, including sensitive U.S. person data and other personally identifiable information, to all of HSIN's users.

article image

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper


文章来源: https://www.bleepingcomputer.com/news/security/dhs-confirms-hackers-breached-hsin-info-sharing-platform/
如有侵权请联系:admin#unsafe.sh