DoJ says SolarWinds hackers breached its Office 365 system and read email

The United States Department of Justice has become the latest federal agency to say that its network was breached in a long and wide-ranging hacking campaign that is believed to have been supported by the Russian government.

In a brief statement released on Wednesday, Justice Department spokesman Marc Raimondi said the breach was not discovered until December 24, nine days after the hacking campaign surfaced. The hackers, said Raimondi, took control of the department’s Office 365 system and accessed emails sent or received from about 3% of accounts. The department has more than 100,000 employees.

Investigators believe the campaign began when hackers took control of the software distribution platform of SolarWinds, a network management software manufacturer based in Austin, Texas, whose products are used by hundreds of thousands of organizations. The attackers then sent a malicious update that was installed by around 18,000 of those customers. Only a fraction of the 18,000 customers were hit by a subsequent attack that used the SolarWinds backdoor software to view, delete or change data stored on these networks.

So far, about half a dozen federal agencies have said they are among those singled out for the subsequent attack. Private companies, including Microsoft and security firm FireEye, have also said they are part of this group.

On Tuesday, officials from the National Security Agency, FBI, Cybersecurity and Infrastructure Agency and the Director of National Intelligence’s Office issued a joint statement saying the Kremlin was “probably” behind the hack, which started in October 2019 at the latest.

Wednesday’s statement said investigators have no indication that the department’s classified network was breached. While that is good news, confidential information routinely flows through unclassified systems.

A second software manufacturer investigated

Although SolarWinds software is widely suspected to be the hackers' initial means of intrusion, the New York Times reported on Wednesday that investigators are examining the role that another software vendor, JetBrains, may have played. The company, which was founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that helps developers test and manage software code. TeamCity is used by developers in 300,000 organizations, including SolarWinds and 79 of the Fortune 100 companies.

The Wall Street Journal reported that investigators believe that hackers gained access to a TeamCity server used by SolarWinds, but it was not clear how the system was accessed. In a statement, JetBrains co-CEO Maxim Shafirov said he was not contacted by SolarWinds or any government agency about any role that TeamCity may have played.
