The Department of Justice (DOJ) said Friday that the hackers behind the major SolarWinds attack compromised employee accounts in more than two dozen federal prosecutors’ offices.
The DOJ said in an update that the hackers are believed to have compromised the accounts from May 7 to Dec. 27, 2020. The data includes “all sent, received, and stored emails and attachments found within those accounts during that time.”
In total, hackers gained access to “one or more employees’ ” emails in 27 office across 15 states and the District of Columbia, the DOJ said Friday.
While other districts were affected to a lesser extent, hackers gained access to the email accounts of at least 80 percent of employees working in all of its New York offices alone, the agency said.
The hack, which was first discovered in December, involved Russian hackers exploiting software from IT group SolarWinds to gain access to about 18,000 customers, compromising nine federal agencies and 100 private-sector groups.
The incident is believed to be one of the largest cyber espionage attacks in U.S. history.
The DOJ first confirmed in January that it learned of “previously unknown malicious activity linked to the global SolarWinds incident” on Dec. 24.
At the time, the agency said “around 3 percent” of emails were “potentially accessed,” but the agency didn’t say which specific accounts were impacted.
The Biden administration formally attributed the hack to Russia’s Foreign Intelligence Service in April.
The administration issued sanctions against the Russia in retaliation for the hack, as well as for interfering in the 2020 election.
