DoJ says SolarWinds hackers breached its Office 365 system and read email
The US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that’s believed to have been backed by the Russian government.
In a terse statement issued Wednesday, Justice Department spokesman Marc Raimondi said that the breach wasn’t discovered until December 24, which is nine days after the hack campaign came to light. The hackers, Raimondi said, took control of the department’s Office 365 system and accessed email sent or received from about 3 percent of accounts. The department has more than 100,000 employees.
Investigators believe the campaign started when the hackers took control of the software distribution platform of SolarWinds, an Austin, Texas-based maker of network management software that’s used by hundreds of thousands of organizations. The attackers then pushed out a malicious update that was installed by about 18,000 of those customers. Only a fraction of the 18,000 customers received a follow-on attack that used the backdoored SolarWinds software to view, delete, or alter data stored on those networks.
So far, about a half-dozen federal agencies have said they were among those singled out. Private companies including Microsoft and security firm FireEye have also said they were part of this group.
On Tuesday, officials with the National Security Agency, FBI, Cybersecurity and Infrastructure Security Agency, and Office of the Director of National Intelligence issued a joint statement saying that the Kremlin was ”likely” behind the hack, which began no later than October 2019.
Wednesday’s statement said that investigators have no indication that the department’s classified network has been breached. While that’s good news, sensitive information routinely flows through non-classified systems.
A second software maker investigated
While SolarWinds software has been widely suspected as the initial way hackers got in, The New York Times on Wednesday reported that investigators are examining the role another software supplier, JetBrains, may have played. The company, which was founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that helps developers test and manage software code. TeamCity is used by developers at 300,000 organizations, including SolarWinds and 79 of the Fortune 100 companies.
The Wall Street Journal reported that investigators believe the hackers gained access to a TeamCity server used by SolarWinds but that it was unclear how the system was accessed. In a statement, JetBrains co-CEO Maxim Shafirov said it hasn’t been contacted by SolarWinds or any government agency about any role TeamCity may have played.