The US Department of Justice is the latest federal agency to say its network was breached in a long and far-reaching hacking campaign believed to have been backed by the Russian government.
In a brief statement on Wednesday, Justice Department spokesman Marc Raimondi said the breach wasn't discovered until December 24th, nine days after the hacking campaign became known. According to Raimondi, the hackers took control of the department's Office 365 system and accessed email sent or received by around 3 percent of the accounts. The department employs more than 100,000 people.
Investigators believe the campaign began when the hackers took control of the software distribution platform of SolarWinds, an Austin, Texas-based maker of network management software that is used by hundreds of thousands of organizations. The attackers then released a malicious update that was installed by around 18,000 of these customers. Only a fraction of the 18,000 customers received a follow-up attack that used the backdoored SolarWinds software to view, delete, or modify data stored on their networks.
So far, about half a dozen federal agencies have said they were among those selected. Private companies such as Microsoft and the security company FireEye have also said they are part of this group.
On Tuesday, officials from the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence issued a joint statement saying that the Kremlin was "likely" behind the hack, which began in October 2019 at the latest.
Wednesday's statement said investigators have no evidence that the department's classified network was breached. While this is good news, sensitive information routinely flows through unclassified systems.
A second software manufacturer investigated
While SolarWinds software was widely used by the hackers as their first way in, the New York Times reported Wednesday that investigators are examining the role another software provider, JetBrains, may have played. The company, which was founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that developers can use to test and manage software code. TeamCity is used by developers in 300,000 organizations, including SolarWinds and 79 of the Fortune 100 companies.
The Wall Street Journal reported that investigators believe the hackers gained access to a TeamCity server used by SolarWinds, but it was unclear how the system was accessed. In a statement, JetBrains co-CEO Maxim Shafirov said that neither SolarWinds nor any government agency had contacted any part of TeamCity.