2 August 2021

SolarWinds hackers compromised email accounts of employees at 27 US Attorneys' offices


SolarWinds hackers compromised email accounts of employees at 27 US Attorneys' offices

Threat actors behind the widespread SolarWinds cyberespionage campaign breached Microsoft Office 365 email accounts belonging to employees at 27 US attorneys’ offices, the US Department of Justice said Friday.

The list of impacted offices includes several large and high-profile ones like those in New York, Los Angeles, Miami, Washington and the Eastern District of Virginia.

The APT (Advanced Persistent Threat) knows as APT29, The Dukes, or Cozy Bear linked by security researchers to the Russian government is believed to be behind the massive SolarWinds hack, where hackers exploited the SolarWinds Orion platform to gain access to the networks of multiple US federal agencies and private tech sector firms.

The DoJ said in a statement that the hackers are believed to have had access to compromised accounts from approximately May 7 to December 27, 2020. The compromised data included all sent, received, and stored emails and attachments found within those accounts during that time.

“While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80 percent of employees working in the U.S. Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York,” the department said.

“After learning of the malicious activity, the Office of the Chief Information Officer eliminated the identified method by which the actor was accessing the O365 email environment and in accordance with FISMA, the department took steps to notify the appropriate federal agencies, Congress, and the public as warranted,” the DoJ added.


Back to the list

Latest Posts

Windows MSHTML bug used in ransomware attacks, Microsoft says

Windows MSHTML bug used in ransomware attacks, Microsoft says

According to the Windows maker, in the wild exploitation of CVE-2021-40444 began on August 18.
17 September 2021
State-backed hackers actively exploiting recently disclosed Zoho RCE bug

State-backed hackers actively exploiting recently disclosed Zoho RCE bug

The targeted entities include academic institutions, defense contractors, as well as critical infrastructure entities.
17 September 2021
Free REvil/Sodinokibi ransomware universal decryptor released

Free REvil/Sodinokibi ransomware universal decryptor released

The tool works for all REvil victims whose files were encrypted in attacks prior to July 13, 2021.
17 September 2021
Featured vulnerabilities
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in Git
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in GLPI
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021