The United States Department of Justice (DoJ) is the newest confirmed victim of the attack on Internet service provider SolarWinds, which caused massive damage to a large number of companies and government agencies. The confirmation was published on Wednesday (06) in a DoJ statement.
In the statement, the department confirmed that thousands of internal emails were accessed by those responsible for the attack on SolarWinds last month. The department uses corporate solutions from Microsoft (Office 365), which is one of hundreds of companies that were hit by the attack.
“On December 24, 2020, the office of the head of the Department of Justice (OCIO) learned of a previously unknown malicious activity, linked to the global SolarWinds incident that affected several federal agencies and technology providers, among others. This activity involved accessing the Department’s Microsoft Office 365 email environment”, DoJ spokesman Marc Raimondi writes in the statement.
The department believes that the cybercriminals accessed about 3% of its total internal email base. “The number of Office 365 mailboxes potentially accessed appears to be limited to around 3% and we have no indication that any classified systems have been affected.”
Although the department guarantees that “no classified systems” were affected, the incident represents a major security breach, as cybercriminals may have accessed extremely sensitive information, including personal data and state secrets.
According to Infosecurity Magazine, the DoJ has approximately 113,000 employees. Therefore, it is possible that cybercriminals accessed more than 3,300 department emails.
“The Department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act and is taking steps consistent with that determination. The Department will continue to notify the appropriate federal agencies, Congress and the public as warranted,” concludes the document.
A joint investigation by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the United States National Security Agency (NSA) concluded on Tuesday (05) that the origin of the attacks is probably Russian.
“This work indicates that an Advanced Persistent Threat (APT) actor, probably of Russian origin, is responsible for most or all of the recently discovered ongoing cyber compromises of government and non-government networks,” CISA states in a press release.
Last month, the Russian government, which had already been blamed for the attack, denied any involvement in the case. “Russia does not conduct offensive operations in the cyber domain… Malicious activities in the information space contradict the principles of Russian foreign policy, national interests and our understanding of interstate relations,” the Russian Embassy in the USA stated on Facebook.
The attack on SolarWinds’ supply chain also hit the Department of Commerce, the Department of the Treasury and the National Telecommunications and Information Administration (NTIA), in addition to other US government institutions and hundreds of companies around the world.
Sources: DoJ; Infosecurity Magazine; CISA; Embassy of Russia in the USA.
See the original post at: https://thehack.com.br/milhares-de-e-mails-do-departamento-de-justica-dos-eua-foram-acessados-apos-ataque-a-solarwinds/?rand=48873