Hackers breach DHS after alarms twice found to be ‘false positive’


  • An internal DHS review shows that analysts twice dismissed intrusion alerts on the HSIN information-sharing network as false positives.
  • This effectively gave hackers about three weeks of undetected access before a breach was declared on June 4, 2026.
  • The attackers, still anonymous, modified server files, executed malicious code through a legitimate web server program, deleted logs, installed backdoors, and stole credentials files.

Hackers managed to hack their way into the US Department of Homeland Security’s main information sharing platform, gaining unrestricted access to the HSIN network which hosts unclassified information relied upon by many US and international agencies.

The hack allowed attackers to modify server files, execute malicious code, and steal credentials while installing backdoors and deleting logs to remove their digital footprint.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top