Connect with us

Hi, what are you looking for?



DHS Contractor Targeted in Apparent State-Sponsored Attack

US Investigations Services (USIS), a Department of Homeland Security (DHS) contractor that conducts background checks for the agency, has been the target of a cyberattack that appears to have been launched by a state-sponsored entity.

US Investigations Services (USIS), a Department of Homeland Security (DHS) contractor that conducts background checks for the agency, has been the target of a cyberattack that appears to have been launched by a state-sponsored entity.

Officials told The Washington Post that the scope of the intrusion has not been determined, but the personal details of some DHS employees might have been compromised in the breach. For the time being, there’s no evidence that employees outside the agency are impacted. While the incident is being investigated, the DHS has suspended all work with the company, officials said.

CyberattackIn a statement published on its website on Wednesday, USIS said the cyberattack was aimed at its corporate network and it was discovered by the company’s internal IT security team.

“We immediately informed federal law enforcement, the Office of Personnel Management (OPM) and other relevant federal agencies. We are working closely with federal law enforcement authorities and have retained an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network,” USIS stated. “Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack.”

The Washington Post learned that the DHS sends employee data in an encrypted form to USIS, but it’s unclear if it remains encrypted. USIS, which vetted former NSA contractor Edward Snowden, hasn’t provided any technical details on the incident, but claims to be working with OPM, the DHS and federal law enforcement authorities on improving its security efforts.

“We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible. We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack,” USIS said.

Threat actors, often linked to China, have been named responsible for numerous attacks against United States government organizations over the past years. However, not all serious incidents involving government systems are blamed on Chinese and other state-sponsored groups. A British man has been accused of stealing sensitive information from the networks of several organizations, including the Federal Reserve, the Army, NASA and the Missile Defense Agency.

The practices of USIS, which has provided security clearance background investigations and other support services for more than 95 federal agencies, have been recently brought into question by the United States government. In October 2013, the Justice Department joined a civil lawsuit alleging that the firm systematic ally failed to adequately conduct security clearance investigations.

Advertisement. Scroll to continue reading.

The Justice Department has accused the company of failing to properly conduct 665,000 background investigations between March 2008 and September 2012 in an effort to increase revenue and profit.

Last month, US senators sent a letter to the DHS questioning the decision to award a $190 million contract by the US Citizen and Immigration Services to USIS while knowing of the Department of Justice accusations.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.