- The U.S. DoJ has confirmed that the ‘SolarWinds’ hackers accessed the emails of 27 state attorney offices.
- The compromise includes all incoming and outgoing messages, saved emails, as well as their attachments.
- The period of access spans between May 7, 2020, and December 27, 2020.
The U.S. Department of Justice has updated its January 2021 evaluation of the scope of the ‘SolarWinds’ attacks, and it now states that it has evidence that the hackers accessed the Microsoft Office 365 email accounts of 27 U.S. States Attorney offices. This fact has already been reported to the appropriate federal agencies and Congress, but in the interest of transparency to the public, the DoJ is now also announcing the details on its portal.
The Attorneys’ offices in the following states had at least one MS Office 365 email account compromised as a result of the SolarWinds campaign:
- Central District of California
- Northern District of California
- District of Columbia
- Northern District of Florida
- Middle District of Florida
- Southern District of Florida
- Northern District of Georgia
- District of Kansas
- District of Maryland
- District of Montana
- District of Nevada
- District of New Jersey
- Eastern District of New York
- Northern District of New York
- Southern District of New York
- Western District of New York
- Eastern District of North Carolina
- Eastern District of Pennsylvania
- Middle District of Pennsylvania
- Western District of Pennsylvania
- Northern District of Texas
- Southern District of Texas
- Western District of Texas
- District of Vermont
- Eastern District of Virginia
- Western District of Virginia
- Western District of Washington
State attorneys represent the United States federal government in district courts, are responsible for prosecuting individuals and offending entities, and have the authority to launch investigations, issue subpoenas, file criminal charges, grant immunity to witnesses, and more. As such, accessing their email accounts means compromising extremely sensitive classified information that goes up to the highest level. This is roughly 29% of all U.S. Attorneys in the country, so the scale of the compromise is pretty significant.
The compromise of these accounts is estimated to span from May 7, 2020, to December 27, 2020. Unfortunately, as the DoJ announcement now confirms, the actors had full access to those accounts, meaning they could see all received, sent, and archived emails as well as any attachments that came and went with them. The actors had access to at least 80% of the employee accounts in the four New York offices, so this was the worst case.