The U.S. Department of Justice has updated its January 2021 evaluation of the scope of the ‘SolarWinds’ attacks, and it now says it has evidence that the hackers accessed the Microsoft Office 365 email accounts of 27 U.S. Attorneys’ offices. This has already been reported to the appropriate federal agencies and Congress, but in the interest of transparency to the public, the DoJ is now also publishing the details on its portal.
The Attorneys’ offices in the following states had at least one MS Office 365 email account compromised as a result of the SolarWinds campaign:
State attorneys represent the United States federal government in district courts, are responsible for prosecuting individuals and offending entities, and have the authority to launch investigations, issue subpoenas, file criminal charges, grant immunity to witnesses, and more. As such, accessing their email accounts means compromising extremely sensitive classified information that goes up to the highest level. The affected offices account for roughly 29% of all U.S. Attorneys in the country, so the scale of the compromise is pretty significant.
The compromise of these accounts is estimated to span from May 7, 2020, to December 27, 2020. Unfortunately, as the DoJ announcement now confirms, the actors had full access to those accounts, meaning they could see all received, sent, and archived emails as well as any attachments that came and went with them. The actors had access to at least 80% of the employee accounts in the four New York offices, which makes this the worst case.