The US Department of Justice has become the latest federal agency to say its network has been compromised in a long and widespread hack campaign believed to be backed by the Russian government.
In a brief statement, Justice Department spokesman Marc Raimondi said on Wednesday that the breach was not discovered until December 24, nine days after the hacking campaign came to light. Raimondi said the hackers took control of the department's Office 365 system and accessed email sent or received from about 3 percent of the accounts. The department has more than 100,000 employees.
Investigators believe the campaign began when hackers took control of the software distribution platform of SolarWinds, an Austin, Texas maker of network management software that is used by hundreds of thousands of organizations. The attackers then released a malicious update that was installed by about 18,000 of these customers. Only a fraction of the 18,000 customers received a follow-up attack that used the backdoored SolarWinds software to view, delete, or change data stored on those networks.
So far, about half a dozen federal agencies have said they are among those identified. Private companies, including Microsoft and security company FireEye, have said they are part of this group.
On Tuesday, officials at the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence issued a joint statement saying that the Kremlin was most likely behind the breach, which started no later than October 2019.
Wednesday's statement said that investigators had no indication that the department's classified network had been breached. While this is good news, sensitive information routinely flows through unclassified systems.
Another software manufacturer was investigated
While SolarWinds is widely suspected to be the primary way hackers got in, the New York Times reported on Wednesday that investigators are examining the role that another software supplier, JetBrains, may have played. The company, founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that helps developers test and manage software code. TeamCity is used by developers in 300,000 organizations, including SolarWinds and 79 Fortune 100 companies.
The Wall Street Journal reported that investigators believe that the hackers gained access to the TeamCity server used by SolarWinds, but it is unclear how the system was accessed. In a statement, JetBrains co-CEO Maxim Shafirov said he had not been contacted by SolarWinds or any government agency about any role TeamCity might have played.