The US Department of Justice confirmed Wednesday that its email systems had been accessed by the hackers who broke into software company SolarWinds, another indication of the gravity of the breach that has shaken Washington.
The scale of the hack at the justice department was not immediately clear but it could be significant. The department, which has more than 100,000 employees across a series of law enforcement agencies, including the FBI, the Drug Enforcement Agency, and the US Marshals Service, said in a statement that 3% of its Office 365 mailboxes were potentially accessed.
The statement went on to say that the justice department had no indication that any classified systems were affected. But winning access to as many as thousands of email inboxes from the nation’s premier law enforcement organization could still provide an intelligence bonanza for foreign hackers.
The department plays a key role in rooting out foreign spies, enforcing sanctions and fighting corruption. The department has recently taken increasingly aggressive actions against foreign hackers, unsealing a series of indictments against Russian, Chinese, and Iranian cyber spies in the run-up to the US presidential election two months ago.
Justice spokesman Marc Raimondi declined to put a precise figure to the number of mailboxes targeted.
The statement said the justice department’s office of the chief information officer discovered the breach on the day before Christmas, weeks after the first reports emerged that hackers suspected of acting on Russia’s behalf had broken into US government networks.
Russia has denied responsibility for the hacking campaign, which has been described as one of the most sophisticated operations uncovered in years. But on Tuesday, the office of the US director of national intelligence said Russia was likely behind the hack in the first formal statement of attribution from the Trump administration.
The hackers were able to gain access to a swath of government agencies by tampering with network monitoring software sold by the Austin-based SolarWinds.
In a joint statement, the national intelligence office, the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency inside the Department of Homeland Security said the actor, “likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks”.
The investigation is continuing, they said, and could turn up additional government victims. As of now the hackers’ goal appeared to be collecting intelligence, rather than any destructive acts.
Fewer than 10 government agencies were affected, the director of national intelligence said, but did not specify how many.
Cybersecurity experts have said a full recovery from the breaches could take months – or even longer.