SolarWinds Attackers Accessed US Attorneys’ Office Emails


DOJ: Russian-Linked Group Breached Office 365 Accounts in 27 Offices

Scott Ferguson (Ferguson_Writes) • August 1, 2021


The Russian-linked group that targeted SolarWinds using a supply chain attack compromised at least one email account at 27 U.S. Attorneys’ Offices in 15 states and Washington D.C. throughout 2020, according to an update posted Friday by the Justice Department.


The intrusions at federal prosecutors’ offices took place between May 7 and December 27, 2020, and targeted Microsoft Office 365 accounts belonging to department employees. The attackers were able to access all email communications as well as message attachments, the Justice Department notes.

The supply chain attack that originally targeted SolarWinds led to follow-on attacks that affected about 100 private companies and at least nine federal agencies, including the Justice Department. While the cyberespionage campaign was first uncovered in December 2020 by security firm FireEye, the Biden administration attributed the attacks to the Russian Foreign Intelligence Service, or SVR, in April (see: US Sanctions Russia Over SolarWinds Attack, Election Meddling).

During the part of the campaign that targeted the 27 U.S. Attorneys’ Offices, the Justice Department says that Russian-linked attackers had access to large amounts of employees’ Office 365 email data.

“The compromised data included all sent, received, and stored emails and attachments found within those accounts during that time,” according to the Justice Department’s update.

The Justice Department first acknowledged that it was targeted by the SolarWinds attackers on Dec. 24, 2020. At the time, a spokesman noted that about 3% of the department’s Office 365 email accounts were compromised, but provided no addi ..
