DOJ says SolarWinds hack impacted 27 US attorneys' offices

The Russian hackers who orchestrated the SolarWinds supply chain attack pivoted to the internal network of the US Department of Justice, from where they gained access to Microsoft Office 365 email accounts belonging to employees at 27 US attorneys' offices, the DOJ said in a statement on Friday afternoon.

Among the impacted, the DOJ listed the US attorneys' offices for:

• Central District of California;
• Northern District of California;
• District of Columbia;
• Northern District of Florida;
• Middle District of Florida;
• Southern District of Florida;
• Northern District of Georgia;
• District of Kansas;
• District of Maryland;
• District of Montana;
• District of Nevada;
• District of New Jersey;
• Eastern District of New York;
• Northern District of New York;
• Southern District of New York;
• Western District of New York;
• Eastern District of North Carolina;
• Eastern District of Pennsylvania;
• Middle District of Pennsylvania;
• Western District of Pennsylvania;
• Northern District of Texas;
• Southern District of Texas;
• Western District of Texas;
• District of Vermont;
• Eastern District of Virginia;
• Western District of Virginia; and
• Western District of Washington.

The DOJ said it believed the hackers had access to compromised Microsoft O365 accounts between May 7 to December 27, 2020.

"While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80 percent of employees working in the US Attorneys' offices located in the Eastern, Northern, Southern, and Western Districts of New York," the Department said today.

"The Executive Office for US Attorneys has notified all impacted account holders and the Department has provided guidance to identify particular threats."

In April 2021, the White House issued a formal statement blaming the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack.

SVR hackers were blamed for breaching Texas software company SolarWinds, inserting malware in an update for the Orion IT monitoring platform, and then selecting high-profile targets where they'd pivot with additional malware for espionage purposes.

The DOJ initially admitted it was running Orion and was impacted by the incident on January 6.