SolarWinds: Russian hackers broke into email accounts at US attorney offices


The US Department of Justice said federal prosecutors were among the targets of the Russian hackers who launched a cyber attack on SolarWinds in 2020, an intrusion that extended to key institutions in the US legal system.

According to the Associated Press, the Department of Justice says hackers targeted federal prosecutors between May and December 2020.

The department said 80% of Microsoft email accounts used by employees in the four US attorney offices in New York were breached. All told, the DoJ said 27 US attorney offices had at least one employee email account compromised.

The SolarWinds hackers breached Microsoft Outlook 365 email accounts, which included the mailboxes of federal prosecutors from New York and Los Angeles, and prominent offices in 13 other states.

The targeted federal offices are the most well-known ones, especially those in the Eastern and Southern Districts of New York, as well as Miami, Los Angeles and Washington.

The Department of Justice said it has alerted all victims and is taking steps to reduce the risks arising from the breach.

The department has previously said there is no evidence that the SolarWinds hackers broke into secret systems, but federal lawyers often share details of sensitive cases.

“In Los Angeles, federal prosecutors regularly deal with high-profile criminal investigations that involve a lot of non-public information, including pending public corruption investigations, investigations into organized crime, and complex domestic and international financial fraud,” said Rebecca Lonergan of USC Gould.

Lonergan operates in Central California, one of the areas where US attorney offices were targeted.

She added that hackers may not have been able to access the confidential material, because it is not kept on servers connected to the Internet. However, some of the files accessed may contain information that can be used for political blackmail or to expose ongoing investigations.

Jennifer Rodgers, a lecturer at Columbia Law School, said when she was a federal prosecutor in New York, office emails frequently contained sensitive information including case strategy discussions and names of confidential informants.

“I don’t remember ever having someone bring me a document instead of emailing it to me because of security concerns,” she said, noting exceptions for classified materials.

The administration of US President Joe Biden officially blamed the Russian state-backed “Cozy Bear” group for the hacking operations, and responded by expelling diplomats and punishing 32 “entities and individuals.” Russia denied its involvement.

US federal investigators said Russia’s foreign intelligence service, SVR, was responsible for installing malware in SolarWinds’ Orion software in 2020.

The US IT company has more than 300,000 customers, including US government agencies and the vast majority of Fortune 500 companies.

After learning that these accounts had been hacked, the Office of the Chief Information Management Officer at the Department of Justice disabled the channel that the hackers used for Microsoft Office accounts, notified the affected parties and the public, and indicated that monitoring of security risks associated with the hack continues.