The Department of Justice confirmed that Russian hackers had penetrated email addresses of employees from 27 attorney’s offices across the US.
The Department of Justice confirmed that the breach was as a result of last year's SolarWinds hack that compromised the Department’s Microsoft O365 emails.
While the scale of the intrusions varied across offices, four offices in New York had 80 per cent of Microsoft accounts' emails compromised.
According to a statement made by the Department of Justice, the attackers accessed data from both sent and received boxes, as well as stored emails and attachments.
“The Department is responding to this incident as if the Advanced Persistent Threat (APT) group responsible for the SolarWinds breach had access to all email communications and attachments found within the compromised O365 accounts,” the statement by the Department read.
“The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020. The compromised data included all sent, received, and stored emails and attachments found within those accounts during that time.”
The SolarWinds hack, which compromised the IT firm SolarWinds late last year, spread from the IT company SolarWinds to their clients, which included a numerous Fortune 500 companies.
The attack was able to spread without detection and enabled the threat actors to spy on some of the largest US-based companies as well as the Department of Homeland Security, the Treasury Department and the Department of Justice.
President of Microsoft Corp Brad Smith claimed that the attack was, “the largest and most sophisticated attack the world has ever seen”.
[Related: SolarWinds hackers leverage Pulse Secure VPN]