SolarWinds attackers breached email of US prosecutors, says Department of Justice

Hackers - probably backed by Russia - had access to emails for over six months.
Written by Liam Tung, Contributing Writer

The US Justice Department (DoJ) has revealed the extent to which hackers had access to officials' emails due to the SolarWinds breach it disclosed in January.

The FBI, CISA, ODNI, and the NSA said that month that Kremlin-backed hackers were most likely responsible for tainting a software update from enterprise IT vendor SolarWinds. Since then, the US and UK have officially blamed Russian intelligence services for the attack, and US president Joe Biden has announced sanctions against Russia over it.

The DoJ said in an updated statement that it was treating the source of the attack as an Advanced Persistent Threat (APT) that gained much broader access to the department's Microsoft Office 365 (O365) email systems than the 3% of non-classified email it initially thought had been accessed.

"While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80% of employees working in the U.S. Attorneys' offices located in the Eastern, Northern, Southern, and Western Districts of New York," the DoJ said in a new statement.  

The department has published a list of the 27 districts in which one or more employees' O365 email accounts were compromised in the SolarWinds attack. The compromised accounts affected both the US government and the private sector, it added.

The DoJ has also disclosed that the hackers had access to the compromised email accounts for at least six months, from around May 7 to December 27, 2020.

"The Department is responding to this incident as if the Advanced Persistent Threat (APT) group responsible for the SolarWinds breach had access to all email communications and attachments found within the compromised O365 accounts," the DoJ said.

The compromised data included all sent, received, and stored emails and attachments found within those accounts during that period, it said.

The SolarWinds breach resulted in the compromise of major US tech and cybersecurity companies and key federal agencies, including the US Treasury Department, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), the US Department of State, and the US Department of Energy (DOE).