The Washington Post reports:

The Department of Homeland Security on Monday joined the list of known victims of a months-long, highly sophisticated digital spying operation by Russia whose damage remains uncertain but is presumed to be extensive, experts say.

The list of victims of the cyberespionage, which already included the Treasury and Commerce departments, is expected to grow and to include more federal agencies and numerous private companies, said officials and others familiar with the matter, who spoke on the condition of anonymity because it is under investigation.

SolarWinds, the maker of widely used network-management software that the Russians manipulated to enable their intrusions, reported in a federal securities filing Monday that “fewer than 18,000” of its customers may have been impacted. That’s a small slice of the company’s more than 300,000 customers worldwide, including the Pentagon and the White House, but still represents a large number of important networks. Russia has denied any role in the intrusions.

The fact that the department charged with safeguarding the country from physical and cyber attacks was victimized underscores the campaign’s significance and calls into question the adequacy of federal cybersecurity efforts. [Continue reading…]