The Department of Justice and the Federal Court System revealed on Wednesday that they are among dozens of US government agencies and private companies that have been endangered by a massive, months-long cyber espionage campaign, which American officials have linked to Russia’s computer hacker elite.
The extent of the damage was not clear.
The department said 3% of its Microsoft Office 365 email accounts were affected, but did not specify to whom these accounts belong. The agency said there were no indications that classified systems were affected. Dmitri Alperovitch, former chief technology officer of cybersecurity company CrowdStrike, said that Office 365 is not just email but a collaborative computing environment, which means shared documents have been accessed as well.
Separately, the US Courts Administration Office informed federal judicial bodies across the country that the nationwide case management system for courts had been breached. The breach likely gave the hackers access to sealed court documents, the contents of which are highly sensitive.
The Justice Department said that on December 24 it detected “previously unknown harmful activity” related to the broader intrusions into federal agencies uncovered earlier that month, according to a statement from spokesman Marc Raimondi.
Separately, the court’s office said on its website that a “clear compromise” of case management and the electronic file system in the US judiciary was under investigation.
The Department of Homeland Security was roaming the system, it said, and it indicated that sealed court files, the disclosure of which could endanger more than active criminal investigations, were at particular risk.
“The access is enormous,” said a federal court official, speaking on condition of anonymity because they are not authorized to disclose information. “Actual access may matter.” The official emphasized that the scope of the compromise was national but it was not clear how widespread it was.
The official added that sealed court files, if indeed breached, could contain information about national security, trade secrets and transcripts of wiretapping, along with financial data from bankruptcy cases and the names of criminal informants.
On Tuesday, federal law enforcement and intelligence agencies officially implicated Russia in the intrusions, describing them as part of a suspected intelligence-gathering operation. President Donald Trump had previously questioned this consensus, suggesting without foundation that China could be responsible.
The hacking campaign was extraordinary in terms of scale, with hackers stalking government agencies including the Treasury and Commerce departments, defense contractors, and telecom companies for several months by the time the hack was discovered.
This gave foreign agents ample time to collect data that could be extremely harmful to the national security of the United States, experts say, although the exact extent of the breaches and the information sought are unknown.
An estimated 18,000 organizations received malicious code delivered with popular network management software from an Austin, Texas, company called SolarWinds, but only a subset is believed to have been compromised. A statement on Tuesday said that fewer than 10 federal government agencies have so far been identified as being compromised.
Thomas Rid, a cyber espionage expert at Johns Hopkins University, said that the 3% of email accounts accessed at Justice might not sound like much, but that doesn’t mean the hackers “haven’t accessed the things of interest.”
Cybersecurity experts responding to the breach say that highly skilled cyber spies of the caliber behind the SolarWinds hack are able to keep their footprint as small as possible to avoid detection – and they target only high-value email and documents.
Rid wondered to what extent the Justice Department could be sure of its compatibility.
“How good are they looking given that US government agencies got it totally wrong with the breach in the first place?” he said. “Are they really at the top of the problem? Do we really only see the tip of the iceberg?”
The hack was discovered by FireEye, a prominent cybersecurity company, on its network. It then identified and informed the other victims.
Experts expect the severity of the penetration and the number of victims identified to increase over time.
“History tells us that if you have a major breach, not just in one organization but across an entire government – an entire sector – it will take a long time to identify the victims and how seriously they are at risk,” Rid said.
Microsoft declined to comment on how long hackers had been reading emails in the Department of Justice’s Office 365 environment, which is usually a cloud-based service hosted by the software provider.
Bajak reported from Boston. Associated Press writers Mark Sherman in Washington and Maryclaire Dale in Philadelphia contributed to this report.