Massive DOJ email breach after SolarWinds supply chain attack

A recent statement from the US Department of Justice (DOJ) has confirmed that the attackers behind the SolarWinds supply chain security incident were able to gain access to about 3% of the Department’s Office 365 email inboxes. The DOJ currently employs 115,000 people, meaning that there may be around 3,450 compromised mailboxes.

According to the DOJ’s Office of the Chief Information Officer (OCIO), its security team spotted suspicious activity in late December 2020, all related to the SolarWinds hack that wreaked havoc in hundreds of government organizations and private enterprises: “The suspicious activity involved illegitimate access to our Microsoft Office 365 email boxes,” mentioned Marc Raimondi, OCIO spokesperson.

The OCIO blocked the method used by the attackers to gain access to the DOJ Office 365 email accounts after learning of this malicious activity. “At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted,” Raimondi added.

The report confirms Microsoft’s latest statement, which pointed out that the goal of this attack was to provide threat actors with an easy way to access their targets’ cloud implementations. The FBI mentioned that the attack was attributed to a Russian hacking group.

The Agency also mentioned that only 10 US government agencies were impacted by further hacking activity after the first incident: “This is a serious security incident and its mitigation requires a massive effort to remediate it,” the federal agents mentioned. The compromise of multiple US federal networks was first officially acknowledged at the end of December 2020.

Further information will be disclosed as soon as the agencies are able to do so.