The U.S. Department of Justice has admitted that its internal network was compromised as part of the SolarWinds supply chain attack.
According to DOJ spokesperson Marc Raimondi, the Department of Justice’s Office of the Chief Information Officer (OCIO) became aware of previously unknown malicious activity linked to the global SolarWinds incident on 24th December 2020. This activity involved access to the Department’s Microsoft Office 365 email environment.
The threat actors who spied on government networks through SolarWinds software accessed about 3% of the Justice Department’s email accounts. However, there is no evidence of access to classified systems. The DOJ has now blocked the attacker’s point of entry.
With DOJ employee numbers estimated at around 100,000 to 115,000, the number of impacted DOJ employees is estimated to be around 3,000 to 3,450.
The disclosure came a day after the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) issued a joint statement formally accusing an APT actor “likely Russian in origin” of staging the SolarWinds hack.
The espionage campaign, which started in March last year, worked by delivering malicious code that piggybacked on SolarWinds network-management software to at least 18,000 of its customers. Later, the hackers escalated the attack against only a few of the infected companies.
The four agencies described the entire SolarWinds operation as “an intelligence gathering effort.”