The US Department of Justice confirmed today that the hackers behind the SolarWinds supply chain attack targeted its IT systems, where they escalated access from the trojanized SolarWinds Orion app to move across its internal network and access the email accounts of some of its employees.
"At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted," DOJ spokesperson Marc Raimondi said in a short press release[1] published earlier today.
With DOJ employee numbers estimated at around 100,000 to 115,000, the number of impacted DOJ employees is currently believed to be around 3,000 to 3,450.
The DOJ said it has now blocked the attacker's point of entry.
The DOJ now joins a long list of companies and government agencies that have publicly admitted to having been impacted by the SolarWinds hack. Previous victims include the likes of:
- The US Treasury Department
- The US Department of Commerce's National Telecommunications and Information Administration (NTIA)
- The Department of Health's National Institutes of Health (NIH)
- The Cybersecurity and Infrastructure Agency (CISA)
- The Department of Homeland Security (DHS)
- The US Department of State
- The National Nuclear Security Administration (NNSA)
- The US Department of Energy (DOE)
- Three US state governments
- City of Austin
- Many hundreds more, such as Cisco, Intel, VMware, and others[2].
SolarWinds hack part of a Russian intelligence-gathering effort
The SolarWinds supply chain attack[3] came to light on December 14 when Microsoft and FireEye confirmed that hackers gained access to the internal network of IT software company SolarWinds, where they inserted malware inside multiple