Justice Department says SolarWinds hackers accessed DOJ’s email system

The Justice Department said Wednesday that hackers exploiting SolarWinds to target federal government networks accessed its email system.

SolarWinds is a Texas-based software company whose product was used by hackers to get access to its customers, including many federal government agencies.

Justice Department spokesperson Marc Raimondi said the department’s chief information officer learned of the SolarWinds-related breach on December 24 and discovered the hackers’ actions “involved access to the Department’s Microsoft O365 email environment.”

“After learning of the malicious activity, the [office of the chief information officer] eliminated the identified method by which the actor was accessing the O365 email environment,” Mr. Raimondi said in a statement. “At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted.”

The federal government formally attributed the origin of the SolarWinds breach to “likely Russian” hackers on Tuesday, in a joint statement from the FBI, National Security Agency, Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency. Those agencies, working as a cyber unified coordination group (UCG), determined that the hack is an “intelligence gathering effort” and are still working on determining the scope of the breach.

The extent of the hacking campaign, and how much of it is still ongoing, is not yet known.

“The UCG believes that, of the approximately 18,000 affected public and private sector customers of SolarWinds’ Orion product, a much smaller number have been compromised by follow-on activity on their systems,” the UCG said on Tuesday. “We have so far identified fewer than ten U.S. government agencies that fall into this category, and are working to identify and notify the nongovernment entities who also may be impacted.”