DOJ email accounts compromised in SolarWinds hack attributed to Russians
The Department of Justice on Wednesday disclosed that its computer systems were among those compromised by a massive cybersecurity breach of government networks that U.S. officials attribute to Russia.
According to the Associated Press, the DOJ said that 3% of its Microsoft Office 365 email accounts were potentially hacked. The DOJ does not believe that classified systems were breached but would not say to whom the email accounts belonged.
“On Dec. 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others. This activity involved access to the Department’s Microsoft O365 email environment,” the DOJ said in a statement.
“After learning of the malicious activity, the OCIO eliminated the identified method by which the actor was accessing the O365 email environment. At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted,” the statement continued.
“As part of the ongoing technical analysis, the Department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act, and is taking the steps consistent with that determination. The Department will continue to notify the appropriate federal agencies, Congress, and the public as warranted,” the DOJ said.
On Tuesday, United States intelligence agencies formally accused the Russian government of orchestrating the cyberattack on software manufactured by IT company SolarWinds. The massive breach of government networks was discovered by the company last month and is estimated to have affected some 18,000 SolarWinds customers and an as yet unknown number of federal government agencies, including the DOJ, U.S. Treasury, and the Department of Commerce. Other agencies including the Department of Homeland Security, the Department of Defense, and the Energy Department’s National Nuclear Security Administration have also confirmed they were affected by the attack.
A joint statement from the FBI, the Office of the Director of National Intelligence (ODNI), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) blamed Russia for the attack. The Hill reported these agencies had set up a cyber unified coordination group in December to investigate the extent of the SolarWinds hack.
“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the agencies said.