SolarWinds hackers accessed DOJ email
- By Justin Katz
- Jan 07, 2021
The Justice Department confirmed its systems were hacked by suspected Russian intelligence agents that exploited a backdoor vulnerability in the SolarWinds Orion IT management software.
Attackers are believed to have accessed "around" 3% of email inboxes, but not any classified systems, according to DOJ spokesman Marc Raimondi.
DOJ's confirmation comes the day after the White House’s Cyber Unified Coordination Group first attributed the SolarWinds Orion hack to a Russian entity. The group also said it believes "fewer than" 10 federal agencies were victimized by hackers following the initial breach.
"As part of the ongoing technical analysis, the department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act, and is taking the steps consistent with that determination," Raimondi said.
Additionally, the Cybersecurity and Infrastructure Security Agency issued new guidance for agencies that were running SolarWinds Orion, one of the IT management products compromised by the hack.
The supplemental guidance tasked agencies that ran affected SolarWinds products to conduct a forensic analysis and said agencies that "accept the risk of running SolarWinds Orion," must take steps to harden their systems. Agency CIOs must submit status report to CISA on these efforts on Jan. 19 and Jan. 25.
"Given the threat actor's interest in compromising identity, CISA is requiring agencies to provide additional details in order to map the possible threat space that was impacted as part of the compromise," the agency said in the supplemental guidance.
This article was first posted to FCW, a sibling site to GCN.
Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.