U.S. Justice Department says its emails were breached by SolarWinds hackers

WASHINGTON (Reuters) – The U.S. Department of Justice said on Wednesday its email systems were accessed by the hackers who broke into software company SolarWinds, another indication of the gravity of the breach that has shaken Washington.

The scale of the hack at the Department of Justice was not immediately clear but it could be significant. The department, which has more than 100,000 employees across a series of law enforcement agencies, including the FBI, the Drug Enforcement Agency, and the U.S. Marshals Service, said in a statement that 3% of its Office 365 mailboxes were potentially accessed.

The statement went on to say that the Justice Department had no indication any classified systems were impacted. But winning access to as many as thousands of email inboxes from the nation’s premier law enforcement organization could still provide an intelligence bonanza for foreign hackers.

The department plays a key role in rooting out foreign spies, enforcing sanctions and fighting corruption. Notably, Justice has recently taken increasingly aggressive actions against foreign hackers, unsealing a series of indictments against Russian, Chinese, and Iranian cyber spies in the run-up to the U.S. presidential election two months ago.

Justice spokesman Marc Raimondi declined to put a precise figure to the number of mailboxes targeted.

The statement said the Justice Department’s Office of the Chief Information Officer discovered the breach on the day before Christmas – nearly two weeks after Reuters first reported that hackers suspected of acting on Russia’s behalf had broken into U.S. government networks.

Russia has denied responsibility for the hacking campaign, which has been described as one of the most sophisticated operations uncovered in years.

The hackers in question were able to gain access to a swath of government agencies by tampering with network monitoring software sold by the Austin, Texas-based SolarWinds.

Cybersecurity experts have said a full recovery from the breaches could take months – or even longer.

Source: Read Full Article