The U.S. Department of Justice (DoJ) has confirmed that its internal network was compromised amid the extensive SolarWinds supply chain attack. This acknowledgment positions the DoJ as the latest government entity to confront the ramifications of this alarming breach.

According to DoJ spokesperson Marc Raimondi, the Office of the Chief Information Officer (OCIO) became aware of the previously unknown malicious activities associated with the global SolarWinds incident on December 24, 2020. This breach has impacted multiple federal agencies, in addition to various technology contractors. The threat actors allegedly infiltrated the Department’s Microsoft Office 365 email system.

Described by the DoJ as a “major incident,” the attack resulted in potential access to approximately 3% of the Justice Department’s email accounts. Importantly, authorities indicated there is no evidence suggesting that classified systems were compromised.

This revelation follows a joint statement issued a day prior by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA), which collectively attributed the SolarWinds hack to an adversary likely of Russian origin.

The agencies have classified the SolarWinds operation as an extensive intelligence-gathering effort. This espionage campaign began in March 2020, employing malicious code embedded within SolarWinds network-management software. It is estimated that up to 18,000 of SolarWinds’ customers may have received this compromised software, although further intrusive activity may have been specifically directed at select targets.

JetBrains Disclaims Connection to SolarWinds Hack

In a separate yet related matter, leading publications including The New York Times, Reuters, and The Wall Street Journal reported that intelligence agencies are assessing whether JetBrains’ TeamCity software distribution system was exploited as a conduit for the hackers, potentially allowing them to insert backdoors into the software of numerous technology firms.

JetBrains, a Czech software developer known for its build management and continuous integration server TeamCity, serves 79 of the Fortune 100 companies, among them SolarWinds. However, the company’s CEO, Maxim Shafirov, has firmly denied any involvement in the breach during a recent blog post, stating that JetBrains has not been contacted by any government or security agency regarding this matter.

Shafirov elaborated that TeamCity is utilized by SolarWinds for continuous integration and deployment, yet indicated that any potential compromise of SolarWinds via TeamCity could likely be attributed to a misconfiguration, rather than a specific security vulnerability.

This situation highlights critical aspects of cybersecurity, particularly the risks associated with supply chain vulnerabilities. The MITRE ATT&CK framework, which catalogues the tactics and techniques adversaries employ, can help describe the methods likely used in this breach. Tactics such as initial access, persistence, and privilege escalation are relevant considerations, given the sophistication of the attack on the DoJ’s email infrastructure.