[TheRecord] DOJ says SolarWinds hack impacted 27 state attorneys’ offices

The Russian hackers who orchestrated the SolarWinds supply chain attack pivoted to the internal network of the US Department of Justice, from where they gained access to Microsoft Office 365 email accounts belonging to employees at 27 state attorneys’ offices, the DOJ said in a statement on Friday afternoon.

Among the impacted, the DOJ listed the state attorneys’ offices for:

- Central District of California;
- Northern District of California;
- District of Columbia;
- Northern District of Florida;
- Middle District of Florida;
- Southern District of Florida;
- Northern District of Georgia;
- District of Kansas;
- District of Maryland;
- District of Montana;
- District of Nevada;
- District of New Jersey;
- Eastern District of New York;
- Northern District of New York;
- Southern District of New York;
- Western District of New York;
- Eastern District of North Carolina;
- Eastern District of Pennsylvania;
- Middle District of Pennsylvania;
- Western District of Pennsylvania;
- Northern District of Texas;
- Southern District of Texas;
- Western District of Texas;
- District of Vermont;
- Eastern District of Virginia;
- Western District of Virginia; and
- Western District of Washington.

The DOJ said it believed the hackers had access to the compromised Microsoft O365 accounts between May 7 and December 27, 2020.

“While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80 percent of employees working in the US Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York,” the Department said today.

“The Executive Office for US Attorneys has notified all impacted account holders and the Department has provided guidance to identify particular threats.”

In April 2021, the White House issued a formal statement blaming the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack.

SVR hackers were blamed for breaching Texas software company SolarWinds, inserting malware in an update for the Orion IT monitoring platform, and then selecting high-profile targets where they’d pivot with additional malware for espionage purposes.

The DOJ first admitted on January 6 that it was running Orion and had been impacted by the incident.

The post DOJ says SolarWinds hack impacted 27 state attorneys’ offices appeared first on The Record by Recorded Future.
