Suspected Russian Hackers Breached DOJ Email System

Officials say hackers were able to access the Department of Justice’s Microsoft Corp. Office 365 email accounts and may have also compromised the U.S. federal judiciary’s electronic filing and case management system.

A SolarWinds logo is displayed on a post from the company as seen on a phone in Portland, Ore., on December 19, 2020, providing security information after a highly sophisticated cyber attack inserted a vulnerability in their Orion Platform products distributed via malware hidden in software updates to 18,000 customers including US government agencies and Fortune 500 companies. The attack was identified by cybersecurity firm FireEye who had a number of their hacking tools stolen during a likely state-sponsored espionage attempt. (Photo by Alex Milan Tracy/Sipa USA/TNS)
(TNS) — Suspected Russian hackers broke into the Department of Justice’s email system and may have also compromised the U.S. federal judiciary’s electronic filing and case management system, authorities said on Wednesday.

The intrusions are part of a massive cyberattack that used malicious code implanted in Orion software, a product of Texas-based SolarWinds Corp. that is widely used in government and the private sector for network management.

In late December, the Justice Department “learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others,” Justice Department spokesman Marc Raimondi said Wednesday in a statement. He added that hackers were able to access the Department’s Microsoft Corp. Office 365 email accounts.

“At this point, the number of potentially accessed O365 mailboxes appears limited to around 3% and we have no indication that any classified systems were impacted,” Raimondi said. The Department of Justice, which found the hack on Dec. 24, has “eliminated the identified method by which the actor was accessing the O365 email environment,” according to a statement.

The judiciary’s electronic filing and case management system suffered an “apparent compromise,” the Administrative Office of the U.S. Courts said Wednesday. A spokesperson for the Administrative Office said the incident was tied to the broader SolarWinds-related hacks.

The federal courts are working with the Department of Homeland Security on an audit of the system, Administrative Office Director James Duff said in a memo distributed to federal courts. The federal courts “suspended all national and local use” of the Orion IT tool after the Department of Homeland Security issued a directive about the breach in December, according to an AO statement.

Going forward, “highly sensitive documents” will have to be submitted to the courts on paper or on a secure electronic device. Each court will make its own determination about which documents are highly sensitive.

The hack targeted updates in SolarWinds’s Orion software, and the company has said as many as 18,000 customers may have received the malicious code. However, in a joint statement by intelligence agencies and the FBI on Tuesday, the U.S. officials said they believe the number of organizations that were actually targeted for “follow-on activity,” meaning further intrusions by the hackers, was far smaller.

The officials said fewer than 10 government agencies fell into that category. They also said Russia was likely behind the attack.

©2021 Bloomberg L.P., Distributed by Tribune Content Agency, LLC
