Suspected Russian Hackers Targeted DOJ, U.S. Courts Filings


Suspected Russian hackers broke into the Department of Justice’s email system and may have also compromised the U.S. federal judiciary’s electronic filing and case management system, authorities said on Wednesday.

The intrusions are part of a massive cyber-attack that used malicious code implanted in Orion, network-management software made by Texas-based SolarWinds Corp. that is widely used in government and the private sector.

In late December, the Justice Department “learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others,” Justice Department spokesman Marc Raimondi said Wednesday in a statement. He added that hackers were able to access the Department’s Microsoft Corp. Office 365 email accounts.

“At this point, the number of potentially accessed O365 mailboxes appears limited to around 3% and we have no indication that any classified systems were impacted,” Raimondi said. The Department of Justice, which found the hack on Dec. 24, has “eliminated the identified method by which the actor was accessing the O365 email environment,” according to a statement.

The judiciary’s electronic filing and case management system suffered an “apparent compromise,” the Administrative Office of the U.S. Courts said Wednesday. A spokesperson for the Administrative Office said the incident was tied to the broader SolarWinds-related hacks.

The federal courts are working with the Department of Homeland Security on an audit of the system, Administrative Office Director James Duff said in a memo distributed to federal courts. The federal courts “suspended all national and local use” of the Orion IT tool after the Department of Homeland Security issued a directive about the breach in December, according to an AO statement.

Going forward, “highly sensitive documents” will have to be submitted to the courts on paper or on a secure electronic device. Each court will make its own determination about which documents are highly sensitive.

The hack targeted updates in SolarWinds’s Orion software, and the company has said as many as 18,000 customers may have received the malicious code. However, in a joint statement by intelligence agencies and the FBI on Tuesday, the U.S. officials said they believe the number of organizations that were actually targeted for “follow-on activity,” meaning further intrusions by the hackers, was far smaller.

The officials said fewer than 10 government agencies fell into that category. They also said Russia was likely behind the attack.

©2021 Bloomberg L.P.
