Posted on August 2, 2021 at 5:19 PM
The US Department of Justice (DoJ) has stated that hackers compromised at least one Microsoft 365 email account in US attorneys' offices in 27 districts across the country.
According to the report, the NSA, ODNI, CISA, and the FBI assessed that the intrusion was most likely carried out by Kremlin-backed threat actors who compromised a software update from the enterprise IT vendor SolarWinds.
UK and US officials have likewise blamed Russian intelligence services for orchestrating the attack, and US President Joe Biden has imposed sanctions on Russia in response.
Compromise affected the U.S. government
The DoJ also revealed that the APT group accessed the O365 email accounts of about 80% of the employees working in the US attorneys' offices for the Western, Southern, Northern, and Eastern Districts of New York.
Following up on these disclosures, the department published a list of the 27 districts affected by the incident. According to the report, the compromised employee accounts held material concerning both private-sector parties and the US government.
The DoJ also stated that the threat actors remained hidden in their victims' systems for about six months, so the damage to the affected accounts may turn out to be worse than what was initially discovered.
The report further revealed that the affected data includes stored emails and their attachments, as well as files sent and received during that period.
The SolarWinds hack affected several US government agencies, including the Department of Energy (DOE), the Department of State, the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department.
When the SolarWinds attack was discovered and reported, it affected both private companies and government agencies that use the SolarWinds Orion software. Thousands of private businesses were also exposed, since the software is widely used by companies to manage their IT resources.
The threat actors succeeded in breaching SolarWinds' internal systems and trojanized the code of the Orion software platform. The malicious builds, carrying the backdoor known as Sunburst, were delivered as legitimate updates to about 18,000 customer systems.
At the time of the initial incident report, SolarWinds counted more than 425 of the Fortune 500 companies among its customers, along with the Pentagon and the Office of the President of the United States.
After the attack, SolarWinds disclosed that it had spent $3.5 million on incident investigation and remediation related to the breach.
The intrusion was discovered in December 2020, but there have been reports that the attack began as early as January 2019. Its scale and its spread across so many companies are further evidence that the attackers had penetrated deep into numerous organizations before they were detected. Organizations are still feeling the impact of the attack, and many have yet to recover.
A sustained period of attack
Threat actors have since used the foothold gained through the SolarWinds hack to infiltrate further systems. The DoJ says its recent discovery must be treated as though the APT group accessed all email communications of the affected account holders, because the group appears to have had access to the compromised accounts from May 7 to December 27, 2020.
The Justice Department has notified all affected Microsoft 365 account holders and has provided them with guidance on how to identify related threats to their accounts. The department is also continuing to investigate the SolarWinds hack to gain more insight and better protect the users targeted by the threat actors.
The nine agencies affected by the SolarWinds hack play critical roles in the work of the US government. The Justice Department acknowledged on January 6 that it had been impacted by the SolarWinds attack, and has since provided more details about the extent of the incident.
It says further details will be released as they are uncovered during the ongoing investigation.