DoJ: SolarWinds Attackers Hit Thousands of O365 Inboxes

Thousands of Department of Justice (DoJ) email accounts were accessed by SolarWinds attackers last year, the department has confirmed.

The DoJ issued a brief statement yesterday to shed more light on the impact of the attacks, which the government has so far acknowledged and blamed on Russia but has otherwise done little to clarify.

“On December 24 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others. This activity involved access to the department’s Microsoft Office 365 email environment,” it explained.

“After learning of the malicious activity, the OCIO eliminated the identified method by which the actor was accessing the Office 365 email environment. At this point, the number of potentially accessed Office 365 mailboxes appears limited to around 3% and we have no indication that any classified systems were impacted.”

With around 113,000 employees thought to work in the DoJ, this means over 3300 mailboxes could have been accessed by the attackers.

Even if no “classified systems” were impacted, this represents a major security breach that could have given attackers access to strategically useful information and provided a staging post for convincing phishing attacks on other government users.

In fact, the DoJ admitted that the activity it detected constitutes a “major incident” under the Federal Information Security Modernization Act, and said it “is taking the steps consistent with that determination.”

In an update earlier this week, the authorities claimed that fewer than 10 government departments and agencies were affected by the campaign. Others thought to have been infiltrated by the state-backed Russian operatives are the Treasury, State, Homeland Security and Energy departments and the Cybersecurity and Infrastructure Security Agency (CISA).