What would you do if you had access to the emails coming in and out of a U.S. Attorney's office for months? How much damage could be done from exposing confidential information, case notes, or even informants for government investigations?
It is fair to say the damage could be quite extensive.
In connection with the major SolarWinds incident from December 2020, the Department of Justice (DOJ) has announced that some U.S. Attorneys' offices had at least one employee's Microsoft Office 365 account compromised.
The DOJ says that when victims of cyberattacks make information public, it can help others prepare for the next threat, which is why the department is coming forward with this information. In a recent statement, the DOJ said:
"To encourage transparency and strengthen homeland resilience, today we are providing additional details about the SolarWinds intrusion in December 2020."
Here is the list of affected U.S. Attorneys' offices:
• Central District of California
• Northern District of California
• District of Columbia
• Northern District of Florida
• Middle District of Florida
• Southern District of Florida
• Northern District of Georgia
• District of Kansas
• District of Maryland
• District of Montana
• District of Nevada
• District of New Jersey
• Eastern District of New York
• Northern District of New York
• Southern District of New York
• Western District of New York
• Eastern District of North Carolina
• Eastern District of Pennsylvania
• Middle District of Pennsylvania
• Western District of Pennsylvania
• Northern District of Texas
• Southern District of Texas
• Western District of Texas
• District of Vermont
• Eastern District of Virginia
• Western District of Virginia
• Western District of Washington
The DOJ described its strategy for dealing with the SolarWinds incident as follows:
"The Department is responding to this incident as if the Advanced Persistent Threat (APT) group responsible for the SolarWinds breach had access to all email communications and attachments found within the compromised O365 accounts. The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020. The compromised data included all sent, received, and stored emails and attachments found within those accounts during that time."
The statement also mentions that the New York districts were hit harder than any others:
"While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80 percent of employees working in the U.S. Attorneys' offices located in the Eastern, Northern, Southern, and Western Districts of New York. The Executive Office for U.S. Attorneys has notified all impacted account holders and the Department has provided guidance to identify particular threats."
The DOJ's main goal is to mitigate the operational, security, and privacy risks caused by the incident.
For more information, read the DOJ's update on the SolarWinds situation.