Hitting most of the New York Attorney’s office employees, the hackers, specified to be Russian Foreign Intelligence Service (SVR), had access to the compromised email accounts for over 7 months.
Email Accounts Breached in SolarWinds Attacks
While the US Department of Justice has officially revealed to be a victim of the SolarWinds attack earlier this year, it now came up with more details explaining the impact. As per the new statement, the hackers, named to be Russian Foreign Intelligence Service (APT29 or Cozy Bear or The Dukes), had accessed the Microsoft Office 365 email accounts of employees belonging to 27 US Attorney’s Offices across the country. The statement emphasized that over 80% of employees at the Eastern, Northern, Southern, and Western Districts of New York were breached. In contrast, other employees of other districts had slightly impacted. Here is a list of all of them;
Central District of California; Northern District of California; District of Columbia; Northern District of Florida; Middle District of Florida; Southern District of Florida; Northern District of Georgia; District of Kansas; District of Maryland; District of Montana; District of Nevada; District of New Jersey; Eastern District of New York; Northern District of New York; Southern District of New York; Western District of New York; Eastern District of North Carolina; Eastern District of Pennsylvania; Middle District of Pennsylvania; Western District of Pennsylvania; Northern District of Texas; Southern District of Texas; Western District of Texas; District of Vermont; Eastern District of Virginia; Western District of Virginia; and Western District of Washington.
Also, the DoJ said that hackers had access to these compromised email accounts from May 7th, 2020, to December 27th, 2020. The affected data include all sent, received, and stored emails and attachments found within those accounts during that time. After realizing the attack, the Office of the Chief Information Officer has notified appropriate federal agencies, Congress, and the public as warranted, by FISMA. The SolarWinds hacking spree has caused waves in the cybersecurity space earlier this year, as thousands of US government agencies and private tech companies have fallen victim and breached. Officially blaming Russian APT as the threat actors, the US warned all the companies in the country to remain vigilant and patch up networks for safeguarding against attacks. The threat actors have breached the SolarWinds internal system in early 2020, infected its Orion Software Platform source code with malicious backdoors, and sent it as an update to all its clients, including the US government agencies and private companies.