The US Department of Justice (DoJ) said that the attackers behind the SolarWinds supply chain attack have gained access to roughly 3% of the department’s Office 365 email inboxes.
DoJ’s Office of the Chief Information Officer (OCIO) detected malicious activity on December 24th, 2020, related to the SolarWinds hack that impacted several federal agencies and technology contractors.
“This activity involved access to the Department’s Microsoft O365 email environment,” DoJ Spokesman Marc Raimondi said in a statement published earlier today.
The OCIO blocked the method used by the attackers to gain access to the DOJ Office 365 email accounts after learning of this malicious activity.
“At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted,” Raimondi added.
As part of the ongoing technical analysis, the department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act, and is taking the steps consistent with that determination. The Department will continue to notify the appropriate federal agencies, Congress, and the public as warranted. — Marc Raimondi
This statement confirms a Microsoft report saying that the end goal of the SolarWinds supply chain compromise was to provide the attackers with access to the targets’ cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks.
Yesterday, a joint FBI, CISA, NSA, and ODNI statement also said that a Russian-backed Advanced Persistent Threat (APT) group is likely behind the SolarWinds attacks.
It also added that only 10 US government agencies have been targeted by additional hacking activity after the initial breach.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the federal agencies added.
The compromise of multiple US federal networks was first acknowledged officially in a separate joint statement released on December 17, 2020.
The list of compromised US agencies includes the US Treasury, the US Department of State, US NTIA, US NIH, DHS-CISA, the Department of Energy, the National Nuclear Security Administration, and the US Department of Homeland Security.