US Department of Justice Says SolarWinds Attackers Breached a Lot More Email Accounts

The US Justice Department (DoJ) revealed new details about the SolarWinds breach, in which Russian hackers were able to access emails of several US officials.

In May, the FBI and other US agencies concluded that the attack was most likely carried out by Russia-affiliated hackers. Since then, the UK and the US have officially blamed Russia’s intelligence services for the attack, and the US imposed sanctions.

The Department of Justice has identified the source of the attack that affected its email systems as an advanced persistent threat. It said attackers gained much broader access to its Microsoft Office 365 (O365) email systems. Previously, it stated only 3% of non-classified email was accessed.

In a recent statement, the US Department of Homeland Security said this number is as high as 80% in some districts and released a list of 27 US districts that had email accounts compromised due to the SolarWinds attacks.

“While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80% of employees working in the U.S. Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York,” the DoJ said in a new statement. These breaches affected the US government and private sector, it added.

The Department of Justice revealed that the hackers maintained access to hacked email accounts for at least six months. The agency said the attackers were able to access the accounts from May to December 2020.

“The Department is responding to this incident as if the Advanced Persistent Threat (APT) group responsible for the SolarWinds breach had access to all email communications and attachments found within the compromised O365 accounts,” the DoJ said.

The compromised data included all of the emails and files sent and received by users of these accounts, as well as their stored messages and attachments.

The SolarWinds breach compromised US tech and cybersecurity companies and several federal agencies, among them the US Treasury Department, the Cybersecurity and Infrastructure Agency (CISA), the Department of Homeland Security (DHS), the US Department of State, and the US Department of Energy (DOE).

About the author

CIM Team
