DoJ Says SolarWinds Hackers Breached Its Office 365 System and Read Email | GeekComparison

The US Department of Justice is the latest federal agency to say its network has been breached in a long and extensive hacking campaign believed to have been backed by the Russian government.

In a succinct statement on Wednesday, Justice Department spokesman Marc Raimondi said the breach was not discovered until December 24, which is nine days after the hacking campaign came to light. The hackers, Raimondi said, took control of the department’s Office 365 system and gained access to email sent or received from about 3 percent of accounts. The department has more than 100,000 employees.

Researchers believe the campaign began when the hackers took control of the software distribution platform of SolarWinds, an Austin, Texas-based maker of network management software used by hundreds of thousands of organizations. The attackers then pushed a malicious update that was installed by about 18,000 of those customers. Only a fraction of the 18,000 customers experienced a follow-up attack that used the backdoored SolarWinds software to view, delete or modify data on those networks.

So far, about half a dozen federal agencies have said they were among the chosen few. Private companies, including Microsoft and security firm FireEye, have also said they are part of this group.

On Tuesday, officials from the National Security Agency, FBI, Cybersecurity and Infrastructure Security Agency and Office of the Director of National Intelligence issued a joint statement saying the Kremlin was “probably” behind the hack, which began no later than October 2019.

Wednesday’s statement said investigators have no indication that the department’s secret network has been breached. While that’s good news, sensitive information routinely flows through unclassified systems.

A second software maker investigated

Although SolarWinds software was widely suspected as the hackers' initial way in, The New York Times reported Wednesday that researchers are investigating the role another software vendor, JetBrains, may have played. The company, founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that helps developers test and manage software code. TeamCity is used by developers at 300,000 organizations, including SolarWinds and 79 of the Fortune 100 companies.

The Wall Street Journal reported that investigators believe the hackers gained access to a TeamCity server used by SolarWinds, but it’s unclear how the system was used. In a statement, JetBrains co-CEO Maxim Shafirov said the company has not been contacted by SolarWinds or any government agency about a role TeamCity may have played.
