Friday, October 15, 2021

DoJ Says SolarWinds Attackers Accessed Its Microsoft O365 Email Environment


Thousands of Department of Justice (DOJ) email accounts were accessed by the SolarWinds attackers last year, the department has confirmed.

The DOJ is one of the comparatively few SolarWinds victims where the hackers escalated the intrusion to a second phase: having gained a foothold through the trojanized SolarWinds Orion app, they moved across the department's internal network and accessed the Office 365 email accounts of some of its employees, the agency said today.

“On December 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others. This activity involved access to the department’s Microsoft Office 365 email environment,” it explained.

“After learning of the malicious activity, the OCIO eliminated the identified method by which the actor was accessing the Office 365 email environment. At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted,” DOJ spokesperson Marc Raimondi said in a short press release published earlier today.

With DOJ employee numbers estimated at around 100,000 to 115,000, 3% would correspond to roughly 3,000 to 3,450 potentially accessed mailboxes.

Even if no “classified systems” were impacted, this represents a major security breach that could have given attackers access to strategically useful information and provided a staging post for convincing phishing attacks on other government users.

The DOJ said it has now blocked the attacker’s point of entry.

The DOJ now joins a long list of companies and government agencies that publicly admitted to having been impacted in the SolarWinds hack. Previous victims include the likes of:

  • The US Treasury Department
  • The US Department of Commerce’s National Telecommunications and Information Administration (NTIA)
  • The Department of Health’s National Institutes of Health (NIH)
  • The Cybersecurity and Infrastructure Security Agency (CISA)
  • The Department of Homeland Security (DHS)
  • The US Department of State
  • The National Nuclear Security Administration (NNSA)
  • The US Department of Energy (DOE)
  • Three US state governments
  • City of Austin
  • Many hundreds more, including companies such as Cisco, Intel, and VMware.

The DoJ admitted that the activity it detected constitutes a “major incident” under the Federal Information Security Modernization Act, and said it “is taking the steps consistent with that determination.”

Agencies Blame Russia

The DOJ issued its brief statement today to shed more light on the impact of the attacks, which the US government has so far acknowledged and attributed to Russia, but has done little else to clarify.

In a joint statement published yesterday, the FBI, CISA, ODNI, and the NSA attributed the SolarWinds supply chain attack to an “Advanced Persistent Threat (APT) actor, likely Russian in origin.”

The four agencies described the entire SolarWinds operation as “an intelligence-gathering effort,” rather than an operation looking to destroy or cause mayhem among US IT infrastructure.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
