DOJ email accounts compromised in SolarWinds cyberattack

The US Department of Justice (DOJ) announced Wednesday that up to 3 percent of its email mailboxes were accessed during the SolarWinds cyberattack in December.

DOJ Spokesperson Marc Raimondi released a statement on the incident:

On Dec. 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others. This activity involved access to the Department’s Microsoft O365 email environment. After learning of the malicious activity, the OCIO eliminated the identified method by which the actor was accessing the O365 email environment. At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted. As part of the ongoing technical analysis, the Department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act, and is taking the steps consistent with that determination. The Department will continue to notify the appropriate federal agencies, Congress, and the public as warranted.

In a new joint agency governmental report released Tuesday, the US government attributed the cyberattack to Russia, stating, “This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort.”

The SolarWinds cyberattack involved a massive hack into SolarWinds systems. Hackers targeted government entities that used SolarWinds’ Orion products to manage their IT systems.