The Russian hackers who orchestrated the SolarWinds supply chain attack pivoted to the internal network of the US Department of Justice, from where they accessed Microsoft Office 365 email accounts belonging to staff at 27 state attorneys' offices, the DOJ said in a statement on Friday.
Among the impacted, the DOJ listed the state attorneys’ offices for:
- Central District of California;
- Northern District of California;
- District of Columbia;
- Northern District of Florida;
- Middle District of Florida;
- Southern District of Florida;
- Northern District of Georgia;
- District of Kansas;
- District of Maryland;
- District of Montana;
- District of Nevada;
- District of New Jersey;
- Eastern District of New York;
- Northern District of New York;
- Southern District of New York;
- Western District of New York;
- Eastern District of North Carolina;
- Eastern District of Pennsylvania;
- Middle District of Pennsylvania;
- Western District of Pennsylvania;
- Northern District of Texas;
- Southern District of Texas;
- Western District of Texas;
- District of Vermont;
- Eastern District of Virginia;
- Western District of Virginia; and
- Western District of Washington.

The DOJ said it believes the hackers had access to the compromised Microsoft O365 accounts from May 7 to December 27, 2020.
“Whilst different districts were affected less significantly, the APT gang accessed the O365 email records of no less than 80% of representatives working in the US Attorneys’ workplaces situated in the Eastern, Northern, Southern, and Western Districts of New York,” the Department said earlier.
“The Executive Office for US Attorneys has notified all impacted account holders and the Department has provided guidance to identify particular threats.”
In April 2021, the White House issued a formal statement naming the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack.
SVR hackers were blamed for breaching Texas software company SolarWinds, inserting malware in an update for the Orion IT monitoring platform, and then selecting high-profile targets where they’d pivot with additional malware for espionage purposes.
The DOJ first admitted on January 6 that it was running Orion and had been impacted by the incident.