SolarWinds hackers were in US Department of Justice mailboxes


The hackers behind the supply chain attack on SolarWinds had access to emails from the US Department of Justice. According to the department's CIO, the attackers got into its Office 365 environment.

The discovery was made on December 24 but is only now being made public. On Christmas Eve, the chief information officer of the US Department of Justice discovered that criminal hackers had been able to penetrate the Office 365 environment. The attackers had access to about three percent of all inboxes. According to the department, there are no indications that confidential systems were affected, but it does not provide details.

The department does not say exactly how the attackers got in, but it did say that the intrusion was related to the SolarWinds hack of mid-December. In that attack, state hackers managed to penetrate various government agencies and companies through SolarWinds’ Orion network monitoring software. They were able to remain undetected in those systems for a long time. Much is still unclear about the hack, and one of the open questions is how the hackers managed to circumvent the existing two-step verification on email accounts. In one case, the attackers were able to create a memory dump of servers running the Outlook Web App and then retrieve an MFA key from Duo. It is not clear whether that happened in this case. The department says it has closed off the hackers' access.
