DOJ says it was hit by SolarWinds hackers
By Justin Katz
Jan 06, 2021
The Justice Department today confirmed its systems were compromised as part of the ongoing breach by suspected Russian intelligence agents who exploited a backdoor vulnerability in the IT management software SolarWinds Orion.
DOJ late last month "learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others," according to spokesman Marc Raimondi.
Raimondi said hackers are believed to have accessed "around" 3% of email inboxes, but not any classified systems.
DOJ's confirmation comes the day after a White House task force for the first time attributed the SolarWinds Orion hack to a Russian entity. The group, called the Cyber Unified Coordination Group, also said it believes "fewer than" 10 federal agencies were victimized by hackers following the initial breach.
"As part of the ongoing technical analysis, the department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act, and is taking the steps consistent with that determination," Raimondi said.
Additionally, the Cybersecurity and Infrastructure Security Agency issued new guidance for agencies that were running SolarWinds Orion, one of the IT management products compromised by the hack.
The supplemental guidance tasks agencies that ran affected SolarWinds products with conducting a forensic analysis, and agencies that "accept the risk of running SolarWinds Orion" must take steps to harden their systems. Agency CIOs must submit status reports to CISA on these efforts on Jan. 19 and Jan. 25.
"Given the threat actor's interest in compromising identity, CISA is requiring agencies to provide additional details in order to map the possible threat space that was impacted as part of the compromise," the agency said in the supplemental guidance.
Justin Katz is a former staff writer at FCW.