In recent days, the Department of Homeland Security (DHS) in the United States has been rocked by a serious cybersecurity incident. The Federal Emergency Management Agency (FEMA) and Customs and Border Protection (CBP) under its jurisdiction were breached by hackers exploiting vulnerabilities in the Citrix system. As a result, sensitive employee data was stolen.
According to an investigation summary obtained by the American tech media outlet Nextgov/FCW, the attack can be traced back to as early as June 22 of this year. Hackers used stolen login credentials to access FEMA’s internal Citrix virtual desktop system and extract data from the servers in the sixth region. This region includes Arkansas, Louisiana, New Mexico, Oklahoma, and Texas, as well as nearly 70 tribes, some of which are located in the southern border areas, known for being focal points of immigration policy disputes.
The DHS cybersecurity department received its first notification of the breach on July 7, and a week later, hackers attempted to install virtual network tools to expand their operations. While FEMA initiated preliminary response measures on July 16 and strengthened its containment measures on September 5, it was not until September 10 that the data breach was officially confirmed.
On August 18, FEMA required all employees to change their passwords within two weeks but did not disclose details of the cybersecurity issue. On August 29, DHS announced the dismissal of about 20 FEMA cybersecurity and technical officials, including Chief Information Officer Charles Armstrong.
Homeland Security Secretary Kristi Noem criticized the individuals involved for negligence during the cybersecurity checks and even for concealing the extent of the vulnerabilities. She also emphasized that this incident neither led to the leakage of American citizen data nor affected other DHS networks.
As this cybersecurity breach has come to light, the U.S. government has also issued warnings that Cisco firewall devices have recently been compromised, impacting multiple federal agencies, although it is unclear whether this is related to the attack on FEMA.
In recent years, U.S. government agencies have frequently become targets of cyber attacks. As a core emergency management agency, FEMA holds a wealth of sensitive information related to disaster relief, insurance claims, and emergency communications, making it a high-risk target for cyber threats.
(This article references reporting by Bloomberg)