Advertisement
Subscribe to our daily newsletter.
Subscribe

Justice Department confirms SolarWinds hackers accessed Department emails

The Justice Department joins a growing list of formally confirmed victims in the espionage campaign.

By

The Robert F. Kennedy Department of Justice Building in Washington, D.C., headquarters of the United States Department of Justice.

The Justice Department on Wednesday joined a growing list of confirmed victims in the public and private sector of a suspected Russian espionage campaign that used tainted software made by SolarWinds.

The attackers were able to burrow their way into the Microsoft Office 365 email accounts of Justice Department employees and potentially had access to “around 3%” of such email accounts in the department, Marc Raimondi, a department spokesman, said in a statement. The Justice Department has more than 115,000 employees, according to a fiscal 2020 budget request, but not all employees use Office 365, Raimondi told CyberScoop. He declined to say how many employees do use the software.

The departments of Commerce, Energy and Treasury have also confirmed breaches. “Fewer than 10” U.S. agencies have been victimized by the targeted espionage operation, according to investigators.

The Justice Department statement comes a day after U.S. investigators for the first time formally implicated Russia in the hack, saying it was “likely Russian in origin.” Moscow has denied involvement in what is shaping up to be the first big cybersecurity test of Joe Biden’s presidency.

Advertisement

Justice Department officials did not learn of the malicious activity on their networks until Dec. 24, Raimondi said, more than 10 days after the Commerce Department became the first federal agency to confirm it had been breached. That underscores the ongoing nature of the investigation into the apparent espionage campaign, and the work left to be done to remediate it.

“After learning of the malicious activity, the [department’s Office of the Chief Information Officer] eliminated the identified method by which the actor was accessing the O365 email environment,” Raimondi said. There is no evidence that classified systems were affected, he said.

Raimondi said the breach constituted “a major incident” under the Federal Information Security Modernization Act, a designation that requires agencies to notify Congress.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Attorney General Merrick Garland announces the indictments of two employees of Russia’s RT and sanctions on top editors of the state-funded news outlet, accusing them of seeking to influence the 2024 U.S. presidential election. Garland chaired the meeting of the DOJ’s Election Threats Task Force in Washington, D.C. on Sept. 4, 2024. (Photo by ROBERTO SCHMIDT/AFP via Getty Images)

Justice Department accuses Russia of interfering with 2024 elections

The U.S. government announced indictments, seizures and sanctions against individuals they say were associated with a propaganda campaign targeting the 2024 election.
By Derek B. Johnson

Latest Podcasts

Special CyberTalks Edition with National Cyber Director Harry Coker

Securing the Skies: Aerospace Cybersecurity with David Brumley

Verizon’s Lamont Copeland on defending against the expanding attack surface

Cisco’s Jane Zipoli on how cloud services affect real-time threat detection

Government

Technology

Threats

Geopolitics