WASHINGTON — The Russian hackers behind the massive SolarWinds cyber espionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices across the country last year, the Justice Department said.
The department said that 80% of Microsoft email accounts used by employees at four US attorneys’ offices in New York were breached. All told, the Justice Department said, at least one employee’s email account was compromised during a hacking campaign at 27 US attorneys’ offices.
The Justice Department said in a statement Friday that it believes the accounts were tampered with from May 7 to December 27, 2020. Such a time frame is notable because the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine US government agencies, was first discovered and publicized in mid-December.
In April the Biden administration announced sanctions including the expulsion of Russian diplomats in response to the SolarWinds hack and Russian interference in the 2020 US presidential election. Russia denies wrongdoing.
Jennifer Rodgers, a lecturer at Columbia Law School, said office emails often contain all kinds of sensitive information, including case strategy discussions and the names of confidential informants she was in when she was a federal prosecutor in New York.
“I don’t remember anyone bringing me any documents instead of emailing me because of security concerns,” she said, noting the exceptions to classified material.
The US Courts of Administrative Office confirmed in January that it had also been breached, giving SolarWinds hackers another entry point to steal confidential information such as trade secrets, espionage targets, whistleblower reports and arrest warrants.
The list of affected offices includes several large and high-profile offices such as Los Angeles, Miami, Washington and the Eastern District of Virginia.
New York’s southern and eastern districts, where large numbers of workers were killed, handle some of the most prominent lawsuits in the country.
“New York is the financial center of the world and those districts are particularly known for investigating and prosecuting white-collar crimes and other cases, including those close to the former president,” said Fordham Law School professor Bruce Greene. ” A former prosecutor in the Southern District.
The department said all victims have been notified and is working to reduce “operational, security and privacy risks” caused by the hack. The Justice Department said in January that there was no indication that any classified systems were affected.
The Justice Department did not provide additional details about what type of information was taken and the impact such a hack might have on ongoing cases. Members of Congress have expressed frustration with the Biden administration for not sharing more details about the impact of the SolarWinds campaign.
The Associated Press previously reported that SolarWinds hackers had gained access to the email accounts of then-acting Homeland Security Secretary Chad Wolf and the department’s cybersecurity staff, whose jobs included hunting threats from overseas.