Using the DNS records, attackers are capable of rerouting user traffic and stealing credentials from what appears to be a legitimate website.

The problem lies with foreign tech companies that are subject to government demands in opaque legal environments, he said.

The issue involves Conexus, Medtronic’s radio-frequency protocol that’s used for communication between medical technology such as defibrillators, home monitoring devices and other clinician programming tools.

“If I can go over there and get ahead of the curve … and bring those defensive measures back to the blue team here, I think we’ll be better off for [2020],” DHS's Chris Krebs said.

In a webinar for the private sector, DHS detailed how APT10 and other groups have evolved. The U.S. officials urged companies to better secure IT services that can be an avenue for stealing proprietary data.

The shutdown has stalled some of DHS’s more anticipatory work, like vulnerability assessments of critical systems and election-security initiatives.