SolarWinds Hack Breached Justice Department System -- 4th Update
By Dustin Volz
WASHINGTON -- The U.S. Justice Department has become the latest
federal agency to say it was breached by hackers in the
Russia-linked cyberattack that has ripped through government
agencies and an unknown number of corporate networks.
About 3% of the Justice Department's Microsoft Office email
accounts were potentially accessed in the attack, the department
The Justice Department's chief information officer learned of
the previously unknown malicious activity on Dec. 24 and has
"eliminated the identified method by which the actor was accessing"
Microsoft Office email accounts, Marc Raimondi, a Justice
Department spokesman, said in a written statement.
There is no indication classified systems were affected, Mr.
Raimondi said, as the department classified the breach as a major
incident requiring notification to other agencies and Congress.
Even unclassified email accounts, though, can contain sensitive
information about investigations and potentially
national-security-related issues, said Chris Painter, a former
senior official at the
Justice and State departments who worked on cybersecurity issues.
"A lot of DOJ work happens on unclassified systems."
It couldn't be determined which Justice Department employees, or
how many, potentially had their internal communications exposed in
the operation. Some 115,000 employees work at the Justice
Department, according to the department's 2020 fiscal year budget
request, a figure that includes Federal Bureau of Investigation
personnel and correctional officers at federal prisons. Mr.
Raimondi said not all Justice Department employees use Microsoft
Office, but didn't comment further on the size of the exposure.
The Justice Department is the latest of more than a half-dozen
agencies to identify a compromise of its systems related to the
massive hack, which has been under way for more than a year but was
only discovered last month. Other federal agencies affected include
the departments of State, Treasury, Commerce and Energy, according
to officials and others familiar with the investigation.
On Tuesday, the Trump administration for the first time formally
stated that Russia is likely behind what is known as the SolarWinds
hack, a conclusion that senior officials had already reached and
expressed both publicly and privately. Moscow has denied
involvement in the cyberattack.
Investigators have said the hackers used a malicious update to
widely used software provided by a Texas-based network-management
company called SolarWinds Corp. to compromise U.S. government
agencies and scores of private businesses across the globe.
Current and former officials and cybersecurity experts have said
the hack amounts to one of the worst intelligence failures on
record. Hacks are often destructive in nature, disrupting
operations. This one, officials believe, was different -- a widely
successful cyber espionage operation intended to purloin sensitive
information from the U.S. government and quietly maintain
persistent access within those networks.
Microsoft last week said the hackers accessed its systems and
viewed internal source code used to create software products. The
hackers also compromised at least one reseller of Microsoft's
cloud-based computing services and tried to use that as a way of
gaining access to emails belonging to the cybersecurity vendor
CrowdStrike Inc. That attempt was unsuccessful, CrowdStrike has
Microsoft Corp. declined to comment on the breach of Justice
Department email accounts.
(END) Dow Jones Newswires
January 06, 2021 15:39 ET (20:39 GMT)