DHS Breach Missed for Weeks, German Firm Collapses as Cyber Threats Escalate Across Sectors
DHS analysts twice dismissed intruder activity in its network before confirming a breach. A German manufacturer files for insolvency after a 6-week production shutdown. Lidl customer data stolen. EU sanctions Russian Turla group.
U.S. Department of Homeland Security analysts twice dismissed signs of intruders inside the Homeland Security Information Network in May, only confirming a breach in June, according to a document cited by Nextgov/FCW. The network supports communication for World Cup events across the country. The delayed response highlights persistent gaps in incident detection even at the highest levels of government cybersecurity.
The DHS intrusion was first spotted around mid-to-late May, but analysts classified the activity as harmless before later determining that unauthorized access had occurred. The breach confirmation came weeks after the initial detection.
Cyberattacks Drive Companies to Insolvency
In Germany, automotive parts supplier ZEGO-TVZ filed for insolvency after a March cyberattack shut down production for six weeks. The company blamed the financial fallout for forcing it to close its doors. The Register reported the attack left the firm unable to recover, marking a rare but stark example of a cyber incident causing a business to collapse.
Meanwhile, German discount supermarket chain Lidl informed customers in Germany, Belgium, and the Netherlands that attackers breached one of its IT service providers and stole customer data. The company said that despite high IT security standards, unidentified individuals briefly accessed a stored file and copied some data. The breach was disclosed on Lidl's support websites last week.
International Response Targets Russian Espionage
European Union member states and the United Kingdom jointly sanctioned Russian government officials and entities linked to the FSB's Turla hacking group. Turla has been blamed for espionage and destructive attacks, including winter cyberattacks against Poland's energy grid. The sanctions, reported by CyberScoop, signal a coordinated push to hold state-backed hackers accountable through economic measures.
In a separate case, a ransomware negotiator was sentenced to 70 months in prison after it was revealed he simultaneously worked for attackers, helping infect victims with malware while being hired to represent them. The negotiator must also forfeit all proceeds from the scheme.
The string of incidents illustrates a cybersecurity landscape where attackers increasingly target critical infrastructure, retail supply chains, and even the negotiators trusted to help victims. As organizations struggle with detection and response, the consequences now extend beyond data loss to bankruptcies and criminal prosecutions. The DHS breach in particular raises questions about whether government networks can adequately protect sensitive systems during high-profile international events.
Fact check
-
DHS analysts twice dismissed signs of intruders in the Homeland Security Information Network in May before confirming a breach in June.
reported · source
-
German automotive parts supplier ZEGO-TVZ filed for insolvency after a March cyberattack shut down production for six weeks.
reported · source
-
Lidl notified customers in Germany, Belgium, and the Netherlands that customer data was stolen after attackers breached one of its IT service providers.
reported · source
-
A ransomware negotiator was sentenced to 70 months in prison for helping infect victims with malware while being hired to represent them.
reported · source
-
The EU and UK sanctioned Russian government officials and entities linked to the FSB's Turla hacking group for espionage and destructive attacks including against Poland's energy grid.
reported · source
Source reporting (6)
- TechRadar Pro · Ransomware negotiator jailed for 70 months after he just helped infect victims with malware
- Techmeme · Doc: DHS analysts twice dismissed signs of intruders inside the DHS' network, first detected in May, as harmless activity before confirming a breach in June (David DiMolfetta/Nextgov/FCW)
- The Register · German firm files for insolvency, blames cybercrims who shut down production for 6 weeks
- Help Net Security · Hackers breach Lidl’s IT service provider, steal customer data
- CyberScoop · Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’
- The Register · EU and UK officially blame Russian spies for cyberattack on Poland's power grid
Join the conversation
You need to be registered and logged in to comment on blog articles.
0 Comments
No comments yet
Be the first to share your thoughts on this article.