Hackers gained access to the Office 365 email accounts of at least 80% of employees working in the U.S. attorneys’ offices via SolarWinds

The Department of Justice (DOJ) has revealed that the Microsoft Office 365 email accounts of employees at all U.S. prosecutors’ offices were compromised by Russia’s Foreign Intelligence Service (SVR) during the SolarWinds supply chain attack: “This threat group had access to compromised accounts from approximately May 7 to December 27, 2020,” the statement said.

Authorities say the threat actors had access to all kinds of compromised information, including attachments sent and received via email, as well as messages and drafts in these accounts. “While other districts were affected to a lesser degree, hackers gained access to Office 365 email accounts of at least 80% of officials working in U.S. prosecutors’ offices.”

The U.S. prosecutors’ offices in which at least one employee’s Microsoft O365 email account was compromised as part of the SolarWinds supply chain attack, which directly impacted both the U.S. government and the private sector, include:

  • Central District of California
  • Northern District of California
  • District of Columbia
  • Northern District of Florida
  • Middle District of Florida
  • Southern District of Florida
  • Northern District of Georgia
  • District of Kansas
  • District of Maryland
  • District of Montana
  • District of Nevada
  • District of New Jersey
  • Eastern District of New York
  • Northern District of New York
  • Southern District of New York
  • Western District of New York

The DOJ confirmed that the hackers behind the SolarWinds supply chain attack managed to compromise its Microsoft Office 365 email environment. Last April, the U.S. government attributed the incident to the Russian government’s specialized intelligence unit, stating that the exploitation of the SolarWinds Orion platform made this attack possible.

As some users will recall, a hacking group compromised SolarWinds’ internal systems to hide the Sunburst Trojan in a malicious update. This incident affected at least 18,000 public and private organizations.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.