Hackers had access to email accounts for more than six months, says the Justice Department.
Samuel Corum / Getty Images
Hackers attacked the offices of top U.S. federal prosecutors across the country last December, breaking into email accounts, the Justice Department said on Friday. As part of the SolarWinds hack, the attackers accessed accounts at nearly 30 US attorney’s offices, including offices in Washington, DC; New York and California, the DOJ said.
The department had revealed in January what is Microsoft O365 the email environment has been breachedbut had not provided the information on federal prosecutors.
“The Justice Department understands that when victims make public information about the nature and extent of the computer intrusions they suffered, others can use that information to prepare for the next threat.” the DOJ said in a statement Friday. “To foster transparency and strengthen the resilience of the homeland, today we provide additional details on the SolarWinds intrusion in December 2020.”
The DOJ said at least one employee account had been accessed at 27 offices from the west coast to the east. It said that at least 80% of employees at US prosecutors’ offices in the eastern, northern, southern and western districts of New York had seen their accounts breached, with other districts “affected to a lesser degree.”
Hackers are believed to have accessed breached accounts from approximately May 7 to December 2. 27 last year, the DOJ said, adding that the exposed data included emails sent, received and stored, as well as attachments. The agency said in January it had plugged the gap.
“The Department’s goal remains to mitigate the operational, security and privacy risks caused by the incident,” the Justice Department said in its statement Friday.
The SolarWinds trick, which according to US intelligence agencies likely originated in Russia, affected customers of IT software provider SolarWinds, including several private companies and federal agencies. Among the victims were high-level officials from the Department of Homeland Security., showing that even the government agency in charge of defending the US from foreign piracy attacks was not immune.
In April, US President Joe Biden signed an executive order imposing a series of retaliatory measures against Russia, who has denied involvement in the hack. And in May, Biden signed an executive order directed at enhance US cybersecurity defenses.
The DOJ listed the following US prosecutors’ offices as affected by the email violations:
– Central District of California
– Northern California District
– District of Columbia
– Northern District of Florida
– Middle District of Florida
– Southern District of Florida
– Northern District of Georgia
– Kansas District
– Maryland District
– Montana District
– District of Nevada
– District of New Jersey
– Eastern District of New York
– Northern District of New York
– Southern District of New York
– Western District of New York
– Eastern District of North Carolina
– Eastern District of Pennsylvania
– Pennsylvania Middle District
– Western District of Pennsylvania
– Northern District of Texas
– Southern District of Texas
– Western District of Texas
– Vermont District
– Eastern District of Virginia
– Western District of Virginia
– Western District of Washington
CNET’s Laura Hautala contributed to this report.
Stay informed. Get the latest tech stories from CNET News every day of the week.