[BreachExchange] SolarWinds: US says top prosecutors' email accounts hacked by Russians

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Aug 2 12:13:21 EDT 2021


https://www.nzherald.co.nz/business/solarwinds-us-says-top-prosecutors-email-accounts-hacked-by-russians/IY6AVMQZT7UVRHBQWPFWTTKE2I/

Nearly 30 top US prosecutors had their office's email accounts hacked
during a major breach last year, the Justice Department says.

The Russian hackers behind the massive SolarWinds cyberespionage campaign
broke into the email accounts of some of the most prominent federal
prosecutors' offices around the country last year, the Justice Department
said.

The department said 80 per cent of Microsoft email accounts used by
employees in the four U.S. attorney offices in New York were breached. All
told, the Justice Department said 27 U.S. attorney offices had at least one
employee's email account compromised during the hacking campaign.

The Justice Department said in a statement Friday that it believes the
accounts were compromised from May 7 to Dec. 27, 2020. Such a timeframe is
notable because the SolarWinds campaign, which infiltrated dozens of
private-sector companies and think tanks as well as at least nine U.S.
government agencies, was first discovered and publicized in mid-December.

The Biden administration in April announced sanctions, including the
expulsion of Russian diplomats, in response to the SolarWinds hack and
Russian interference in the 2020 U.S. presidential election. Russia has
denied wrongdoing.

Jennifer Rodgers, a lecturer at Columbia Law School, said office emails
frequently contained all sorts of sensitive information, including case
strategy discussions and names of confidential informants, when she was a
federal prosecutor in New York.

"I don't remember ever having someone bring me a document instead of
emailing it to me because of security concerns," she said, noting
exceptions for classified materials.

The Administrative Office of U.S. Courts confirmed in January that it was
also breached, giving the SolarWinds hackers another entry point to steal
confidential information like trade secrets, espionage targets,
whistleblower reports and arrest warrants.

The list of affected offices includes several large and high-profile ones
like those in Los Angeles, Miami, Washington and the Eastern District of
Virginia.

The Southern and Eastern Districts of New York, where large numbers of
staff were hit, handle some of the most prominent prosecutions in the
country.

"New York is the financial center of the world and those districts are
particularly well known for investigating and prosecuting white-collar
crimes and other cases, including investigating people close to the former
president," said Bruce Green, a professor at Fordham Law School and a
former prosecutor in the Southern District.

The department said all victims had been notified and it is working to
mitigate "operational, security and privacy risks" caused by the hack. The
Justice Department said in January that it had no indication that any
classified systems were affected.

The Justice Department did not provide additional detail about what kind of
information was taken and what impact such a hack may have on ongoing
cases. Members of Congress have expressed frustration with the Biden
administration for not sharing more information about the impact of the
SolarWinds campaign.

The Associated Press previously reported that SolarWinds hackers had gained
access to email accounts belonging to the then-acting Homeland Security
Secretary Chad Wolf and members of the department's cybersecurity staff,
whose jobs included hunting threats from foreign countries.