Russian cybercriminals behind the massive SolarWinds cyber espionage campaign infiltrated the email accounts of some of the most important federal prosecutors’ offices across the country last year, the United States Department of Justice reported.
The department reported that 80% of Microsoft email accounts used by employees at the four federal prosecutors’ offices in New York were hacked. In total, the Justice Department said that 27 federal prosecutors’ offices had at least one employee’s email account compromised during the hacking campaign.
The department said in a statement on Friday that the accounts appeared to have been compromised between May 7 and December 27, 2020. That period is notable because the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine government agencies in the United States, was first discovered and made public in mid-December.
In April, the administration of President Joe Biden announced sanctions, including the expulsion of Russian diplomats, in response to the SolarWinds hack and Russian interference in the 2020 US presidential election. Moscow denies wrongdoing.
Jennifer Rodgers, a professor at Columbia Law School, said that when she was a federal prosecutor in New York, the office’s emails frequently contained all kinds of confidential information, including discussions of case strategies and names of confidential informants.
“I don’t remember someone bringing me a document instead of emailing it to me for security reasons,” she said, noting the exceptions for classified materials.
The Administrative Office of the United States Courts confirmed in January that it was also infiltrated, giving SolarWinds hackers another entry point to steal confidential information such as trade secrets, spy targets, whistleblower reports and arrest warrants.
The list of affected offices includes several large, high-profile offices such as those in Los Angeles, Miami, Washington, and the Eastern District of Virginia.
The attack on Kaseya
Photo caption: More than 200 companies that provide the internet were affected. (Reuters)
At the beginning of the month, cybercriminals carried out an extortion cyberattack against the US company Kaseya just before the long weekend around the 4th of July holiday, potentially affecting more than 1,000 companies through its IT management software.
The first direct consequence of the attack was that a large Swedish supermarket chain had to close more than 800 stores after its cash registers were paralyzed.
At the moment it is difficult to estimate the real scope of the ransomware attack. Ransomware is a type of program that paralyzes a company’s computer systems and then demands a ransom in exchange for unlocking them.
Kaseya, which became aware around noon on Friday of a possible incident in its VSA software, said that it had been able to limit it “to less than 40 clients worldwide.”
But those clients provide services to other companies, allowing the hackers to multiply the reach of their attack.
According to the computer security company Huntress Labs, “more than 1,000 companies” were affected by this ransomware.
“Based on the number of IT (information technology) service providers asking us for help and the feedback we see in this thread, it’s reasonable to think that it could impact thousands of small businesses,” Huntress Labs notes in a post on the Reddit forum.
“We do not have data at the moment on the number of companies affected,” said Brett Callow, a cybersecurity expert at Emsisoft. But the scale of the attack is probably “unprecedented.”
Based in Miami, Kaseya, which claims to have more than 40,000 customers, offers IT tools to businesses, including VSA software to manage the network of servers, computers and printers from a single source.