By Dustin Volz 

WASHINGTON -- The U.S. Justice Department has become the latest federal agency to say it was breached by hackers in the Russia-linked cyberattack that has ripped through government agencies and an unknown number of corporate networks.

About 3% of the Justice Department's Microsoft Office email accounts were potentially accessed in the attack, the department said Wednesday.

The Justice Department's chief information officer learned of the previously unknown malicious activity on Dec. 24 and has "eliminated the identified method by which the actor was accessing" Microsoft Office email accounts, Marc Raimondi, a Justice Department spokesman, said in a written statement.

There is no indication classified systems were affected, Mr. Raimondi said, as the department classified the breach as a major incident requiring notification to other agencies and Congress.

Even unclassified email accounts, though, can contain sensitive information about investigations and potentially national-security-related issues, said Chris Painter, a former senior official at the Justice and State departments who worked on cybersecurity issues. "A lot of DOJ work happens on unclassified systems."

It couldn't be determined which Justice Department employees, or how many, potentially had their internal communications exposed in the operation. Some 115,000 employees work at the Justice Department, according to the department's 2020 fiscal year budget request, a figure that includes Federal Bureau of Investigation personnel and correctional officers at federal prisons. Mr. Raimondi said not all Justice Department employees use Microsoft Office, but didn't comment further on the size of the exposure.

The Justice Department is the latest of more than a half-dozen agencies to identify a compromise of its systems related to the massive hack, which has been under way for more than a year but was only discovered last month. Other federal agencies affected include the departments of State, Treasury, Commerce and Energy, according to officials and others familiar with the investigation.

On Tuesday, the Trump administration for the first time formally stated that Russia is likely behind what is known as the SolarWinds hack, a conclusion that senior officials had already reached and expressed both publicly and privately. Moscow has denied involvement in the cyberattack.

Investigators have said the hackers used a malicious update to widely used software provided by a Texas-based network-management company called SolarWinds Corp. to compromise U.S. government agencies and scores of private businesses across the globe.

Current and former officials and cybersecurity experts have said the hack amounts to one of the worst intelligence failures on record. Hacks are often destructive in nature, disrupting operations. This one, officials believe, was different -- a widely successful cyber espionage operation intended to purloin sensitive information from the U.S. government and quietly maintain persistent access within those networks.

Microsoft last week said the hackers accessed its systems and viewed internal source code used to create software products. The hackers also compromised at least one reseller of Microsoft's cloud-based computing services and tried to use that as a way of gaining access to emails belonging to the cybersecurity vendor CrowdStrike Inc. That attempt was unsuccessful, CrowdStrike has said.

Microsoft Corp. declined to comment on the breach of Justice Department email accounts.

(END) Dow Jones Newswires

January 06, 2021 15:39 ET (20:39 GMT)

Copyright (c) 2021 Dow Jones & Company, Inc.