3000-Plus DOJ Employees Hacked In SolarWinds Attack

January 26, 2021

Hackers responsible for the SolarWinds supply chain attack targeted US Department of Justice IT systems and accessed the email accounts of an estimated 3,000 to 3,450 DOJ employees. In a press release dated 1-12, the department claimed to have no indication that classified systems were included. The attack was discovered in mid-December when Microsoft and FireEye said that hackers had gained access to the internal network of IT software company SolarWinds and inserted malware inside multiple update packages for the Orion software inventory and IT monitoring platform. About 18,000 private companies and government organizations downloaded these updates and were infected. Security firms and US cyber-security agencies have since revealed that hackers escalated the attack on a few of the infected companies by deploying a second-phase malware strain named Teardrop, which gave them access to the victim company’s cloud and email infrastructure, with the purpose of gathering intelligence on recent activities. In a joint statement published 1-12, the FBI, CISA, ODNI, and the NSA attributed the attack to an “Advanced Persistent Threat actor, likely Russian in origin,” and called it “an intelligence gathering effort,” rather than an operation looking to destroy or cause mayhem among US IT infrastructure.
