The Justice Department revealed that its email system had been affected by the SolarWinds cyberattack that was suspected to have been carried out by the Russians, though it emphasized that the access appeared to be limited and that there was no evidence of classified information being stolen.
DOJ spokesman Marc Raimondi said on Wednesday that the Justice Department’s Office of the Chief Information Officer learned of “previously unknown malicious activity linked to the global SolarWinds incident” on Christmas Eve and that “this activity involved access to the Department’s Microsoft O365 email environment.”
Raimondi said DOJ investigators then “eliminated the identified method by which the actor was accessing the O365 email environment” and that “at this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent, and we have no indication that any classified systems were impacted.”
Raimondi added that “as part of the ongoing technical analysis, the department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act [a 2014 law that updated the U.S. government’s cybersecurity practices] and is taking the steps consistent with that determination.”
President-elect Joe Biden is reportedly set to nominate Merrick Garland, a judge on the U.S. Court of Appeals for the District of Columbia Circuit, to lead the Justice Department when he takes office later in January.
The announcement by the Justice Department came a day after the FBI, the Office of the Director of National Intelligence, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency announced that the massive SolarWinds hack that breached the U.S. government and thousands of other public and private customers is “likely Russian in origin” and that a likely Kremlin-backed advanced persistent threat actor “is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.”
The agencies said in a statement that they “believe this was, and continues to be, an intelligence gathering effort,” and that, of the estimated 18,000 affected public and private sector customers of SolarWinds’s Orion products, “a much smaller number has been compromised by follow-on activity on their systems.”
The groups also said that “we have so far identified fewer than 10 U.S. government agencies that fall into this category and are working to identify the nongovernment entities who also may be impacted” and that “this is a serious compromise that will require a sustained and dedicated effort to remediate.”
President Trump, who has refused to concede the November election to Biden, tweeted in December that “Russia, Russia, Russia is the priority chant when anything happens” and that the hack “may” have been carried out by China. Now-former Attorney General William Barr and Secretary of State Mike Pompeo both said in December that they believed the cyber campaign was likely carried out by the Russians.