The Department of Justice and the Federal Court System revealed on Wednesday that they were among dozens of U.S. government agencies and private companies that have been at risk because of the A massive cyber espionage campaign that lasted for months Which American officials have linked to the elite Russian Pirates.
It was not clear the extent of the damage.
The department said 3% of its Microsoft Office 365 email accounts were affected, but did not specify to whom these accounts belong. The agency said there were no indications that classified systems were affected. Dmitry Alberovic, former chief technology officer of cybersecurity company CrowdStrike, said that Office 365 is not just an email but a collaborative computing environment, which means shared documents have been accessed as well.
Separately, the US Courts Administration Office informed federal judicial bodies across the country that the nationwide case management system for courts had been violated. It likely gave the hackers access to sealed court documents, the contents of which are highly sensitive.
The Justice Department said it discovered on December 24 “previously unknown malicious activity” linked to broader federal agency interventions uncovered earlier that month, according to a statement from a spokesman for Mark Raymonddi.
Separately, the court’s office said on its website that a “clear settlement” of US court case management and the electronic file system is under investigation.
The Department of Homeland Security was roaming the system, she said, and indicated that there was a particular risk in the sealed court files, the disclosure of which could endanger more than active criminal investigations.
“The potential range is wide. Physical access may be important,” said a federal court official, who spoke on condition of anonymity because they were not authorized to disclose the information. The official confirmed that the scope of the settlement was national, but it was not clear how widespread it would be.
The official added that sealed court files, if indeed violated, could contain information about national security, trade secrets and transcripts of wiretapping, along with financial data from bankruptcy cases and the names of criminal informants.
On Tuesday, federal law enforcement and intelligence agencies Russia officially implicated the incursionsHe described them as part of a suspicious intelligence gathering operation. President Donald Trump had previously questioned this consensus, suggesting without foundation that China could be responsible.
The hacking campaign was extraordinary in terms of scale, with hackers stalking government agencies including the Treasury and Commerce departments, defense contractors, and telecom companies for several months by the time the hack was discovered.
This gave foreign agents ample time to collect data that could be extremely harmful to the national security of the United States, experts say, although the exact extent of the violations and the information required are unknown.
An estimated 18,000 organizations were provided with malicious code based on popular network management software from an Austin, Texas company, called SolarWinds. But only a subset is believed to have been compromised. A statement on Tuesday said that fewer than 10 federal government agencies have so far been identified as being compromised.
Thomas Reed, a Johns Hopkins cyber espionage expert, said that 3% of email accounts accessed at Justice might not look like a lot, but that doesn’t mean the hackers “haven’t accessed the things of interest.”
Cybersecurity experts responding to the breach say the highly-skilled cyber spies of the caliber behind the SolarWinds hack are able to keep their footprint as small as possible to avoid detection – targeting only high-value email and documents.
Reid wondered to what extent the Justice Department could be sure of its compatibility.
“How good are they looking given that US government agencies totally missed the breach in the first place?” He said, “Are they really at the top of the problem? Do we really only see the tip of the iceberg? ”
The hack was discovered by FireEye, a prominent cybersecurity company, on its network. Then I identified and informed the other victims.
Experts expect the severity of the penetration and the number of victims identified to increase over time.
“History tells us that if you have a major breach, not just in one organization but across an entire government – an entire sector – it will take a long time to identify the victims and how seriously they are at risk,” Reid said.
Microsoft declined to comment on a long period of hackers have been reading emails in the Department of Justice’s Office 365 environment, which is usually a cloud-based service hosted by the software provider.
Pagak from Boston reported. Associated Press writers Mark Sherman in Washington and Mariclear Dale in Philadelphia contributed to this report.