SolarWinds Hack Breached Justice Department System -- 5th Update
By Dustin Volz and Robert McMillan
WASHINGTON -- The U.S. Justice Department has become the latest
federal agency to say it was breached by hackers in the
Russia-linked cyberattack that has ripped through government
agencies and an unknown number of corporate networks.
About 3% of the Justice Department's Microsoft Office email
accounts were potentially accessed in the attack, the department
The Justice Department's chief information officer learned of
the previously unknown malicious activity on Dec. 24 and has
"eliminated the identified method by which the actor was accessing"
Microsoft Office email accounts, Marc Raimondi, a Justice
Department spokesman, said in a written statement.
There is no indication classified systems were affected, Mr.
Raimondi said, as the department classified the breach as a major
incident requiring notification to other agencies and Congress.
Even unclassified email accounts, though, can contain sensitive
information about investigations and potentially national security
related issues, said Chris Painter, a former senior official at the
Justice and State departments who worked on cybersecurity issues.
"A lot of DOJ work happens on unclassified systems."
It couldn't be determined which Justice Department employees, or
how many, potentially had their internal communications exposed in
the operation. Some 115,000 employees work at the Justice
Department, according to the department's 2020 fiscal year budget
request, a figure that includes Federal Bureau of Investigation
personnel and correctional officers at federal prisons. Mr.
Raimondi said not all Justice Department employees use Microsoft
Office, but didn't comment further on the size of the exposure.
Investigators continue to try to understand the full extent of
the hack, so far linked to using a malicious update to widely used
software provided by a Texas-based network-management company
called SolarWinds Corp. to compromise U.S. government agencies and
scores of private businesses across the globe. Investigators are
reviewing how it managed to go undetected for so long and whether
there were avenues of attack.
Intelligence officials and cybersecurity analysts involved in
the response are investigating whether a little-known software
company called JetBrains s.r.o. might have played a role in the
SolarWinds hack, according to people familiar with the matter.
JetBrains makes tools for software developers, including a product
called TeamCity that is used to help manage and speed up large
software development projects.
Investigators believe that the SolarWinds hackers gained access
to a TeamCity server used by SolarWinds to build its software
products, but it is unclear how this system was accessed, according
to people familiar with the matter.
"SolarWinds, like many companies, uses a product by JetBrains
called TeamCity to assist with the development of its software. We
are reviewing all internal and external tools as part of our
investigations, which are still ongoing," a SolarWinds spokesman
said. The company hasn't seen any evidence linking the security
incident to a compromise of the TeamCity product, he said.
"We're not aware of any breach," Maxim Shafirov, the chief
executive of JetBrains, said in a text message. The company was
founded in the Czech Republic in 2000. It boasts 79 of the Fortune
100 among its 300,000 clients.
"We have never been contacted by any security firms or agencies on
the matter," Mr. Shafirov said.
Interest in JetBrains among investigators was earlier reported
by the New York Times.
The Justice Department is the latest of more than a half-dozen
agencies to identify a compromise of its systems related to the
massive hack, which has been under way for more than a year but was
only discovered last month. Other federal agencies affected include
the departments of State, Treasury, Commerce and Energy, according
to officials and others familiar with the investigation.
On Tuesday, the Trump administration for the first time formally
stated that Russia is likely behind what is known as the SolarWinds
hack, a conclusion that senior officials had already reached and
expressed both publicly and privately. Moscow has denied
involvement in the cyberattack.
Current and former officials and cybersecurity experts have said
the hack amounts to one of the worst intelligence failures on
record. Hacks are often destructive in nature by disrupting
operations. This one, officials believe, was different -- a widely
successful cyber espionage operation intended to purloin sensitive
information from the U.S. government and quietly maintain
persistent access within those networks.
Microsoft last week said the hackers accessed its systems and
viewed internal source code used to create software products. The
hackers also compromised at least one reseller of Microsoft's
cloud-based computing services and tried to use that as a way of
gaining access to emails belonging to the cybersecurity vendor
CrowdStrike Inc. That attempt was unsuccessful, CrowdStrike has
Microsoft Corp. declined to comment on the breach of Justice
Department email accounts.
(END) Dow Jones Newswires
January 06, 2021 17:15 ET (22:15 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.