DOJ reveals 27 U.S. Attorneys offices had emails compromised in SolarWinds hack
A total of 27 U.S. Attorneys offices had one or more employees’ Microsoft 365 email accounts compromised, when Russian hackers used the SolarWinds Orion updating system to push malware to agencies, the Department of Justice revealed Friday.
DOJ believes the advanced persistent threat group, APT29 or Cozy Bear, had access to the accounts from May 7 to Dec. 27, 2020 and all sent, received and stored emails and attachments within.
The department first acknowledged the intrusion on January 6 but made its latest announcement to promote cybersecurity information sharing among agencies.
“The Department of Justice understands that when victims make information public about the nature and scope of computer intrusions they suffered, others can use that information to prepare themselves for the next threat,” the update read. “To encourage transparency and strengthen homeland resilience, today we are providing additional details about the SolarWinds intrusion in December 2020.”
At least 80% of employees in New York’s Eastern, Northern, Southern and Western district offices had their accounts compromised, and all have been notified and instructed on how to identify cyberthreats, the department said.
Among the other districts compromised were two in California, the District of Columbia’s, three in Florida, one in Georgia, one in Kansas, one in Maryland, one in Montana, one in Nevada, one in New Jersey, one in North Carolina, three in Pennsylvania, three in Texas, one in Vermont, two in Virginia, and one in Washington.
Upon discovery, DOJ’s Office of the Chief Information Officer eliminated the hackers’ backdoor into its email environment and notified the Cybersecurity and Infrastructure Security Agency and Congress, but the damage persists.
“The department’s objective continues to be mitigating the operational, security and privacy risks caused by the incident,” reads the update.