Hackers breached DHS after alarms were twice deemed ‘false positives’



  • An internal DHS reading shows that analysts twice dismissed HSIN intrusion alerts as false positives.
  • This effectively gave the hackers approximately three weeks of undetected access before a breach was declared on June 4, 2026.
  • The attackers, still anonymous, altered server files, executed malicious code through a legitimate web server program, deleted logs, installed backdoors, and stole credential files.

Hackers managed to break into the US Department of Homeland Security’s main information-sharing platform, gaining unlimited access to the HSIN network that houses unclassified information trusted by multiple US and international agencies.

The hack allowed attackers to modify server files, execute malicious code, and steal credential files while installing backdoors and deleting logs to eliminate their digital footprint.

Leave a Comment

Your email address will not be published. Required fields are marked *