Justice Department, federal judiciary hit by Russian hack

WASHINGTON (AP) – The Department of Justice and the federal judiciary revealed Wednesday that they are among dozens of U.S. government agencies and private companies compromised by a massive cyberespionage campaign that American officials have linked to elite hackers in Russia.

The extent of the damage was unclear.

The department said 3% of its Microsoft Office 365 email accounts were potentially affected, but did not say whose accounts those were. There are no indications that classified systems were affected, the agency said. Office 365 is not just email but a collaborative computing environment, which means shared documents were surely accessed as well, said Dmitri Alperovitch, former chief technology officer of the cybersecurity firm CrowdStrike.

Separately, the administrative office of the U.S. courts informed federal courts across the country that the national case management system had been breached, giving the hackers access to sealed court documents.

The Justice Department said it had detected “previously unknown malicious activity” on Dec. 24 related to wider federal agency intrusions revealed earlier that month, according to a statement from spokesman Marc Raimondi.

Separately, the court office said on its website that an “apparent compromise” of the U.S. judiciary’s case management and electronic case file system is being investigated.

The Department of Homeland Security was scouring the system, it said, and noted a particular risk to sealed court files, whose disclosure could jeopardize active criminal investigations.

“The potential reach is vast. The actual reach is likely to be significant,” said a federal court official who spoke on condition of anonymity because he was not authorized to disclose the information. The official said the scope of the compromise was national, but it was not clear how widespread it was.

On Tuesday, federal law enforcement and intelligence agencies formally blamed Russia for the intrusions, calling them part of a suspected intelligence-gathering operation. President Donald Trump has questioned that consensus, suggesting without evidence that China may be to blame.

The hacking campaign was extraordinary in scale, with the intruders stalking government agencies, including the Treasury and Commerce departments, defense contractors and telecommunications companies for months before the breach was discovered.

Experts say that gave the foreign agents ample time to collect data that could be highly damaging to U.S. national security, although it is not yet known exactly how wide the breaches were or what information was sought.

An estimated 18,000 organizations were seeded with malicious code that rode in on popular network management software from SolarWinds, a company in Austin, Texas. Only a subset of those are believed to have been compromised. Tuesday’s statement said fewer than 10 federal government agencies had so far been identified as hacked.

Johns Hopkins cyberespionage expert Thomas Rid said the 3% of email accounts accessed at Justice might not sound like much, but that doesn’t mean the hackers “didn’t get to the interesting stuff.”

Cybersecurity experts responding to the hack say the highly skilled cyber spies behind the SolarWinds campaign kept their footprint as small as possible to avoid detection, targeting only high-value emails and documents.

Rid wondered how sure the Department of Justice could be about the extent of its compromise.

“How good is their visibility, given that U.S. government agencies completely missed the breach?” he said. “Are they really on top of the problem? Do we really only see the tip of the iceberg?”

The breach was discovered by FireEye, a major cybersecurity company, on its own network. It then identified and notified other victims.

Experts expect the severity of the hack and the number of identified victims to increase over time.

“History tells us that if you have a major breach, not just in one organization but in an entire government – an entire sector – it will take a long time to identify who the victims are and how seriously they are compromised,” Rid said.

Microsoft declined to comment on how long the intruders were reading emails in the Justice Department’s Office 365 environment, which is typically a cloud-based service hosted by the software provider.

Bajak reported from Boston. Associated Press writers Mark Sherman of Washington and Maryclaire Dale of Philadelphia contributed to this report.
