El Dorado News-Times

Justice Department confirms hacking of its email network

- Information for this article was contributed by Ellen Nakashima of The Washington Post; and by Nicole Perlroth, David E. Sanger and Julian E. Barnes of The New York Times.

WASHINGTON — The Justice Department has become the latest known victim of Russian hackers, who are engaged in an ongoing campaign of cyberespionage that has afflicted federal agencies and the private sector.

A department spokesman on Wednesday said the department’s Office of the Chief Information Officer, which handles network security, learned Dec. 24 of malicious activity linked to the hacking campaign.

The intrusions into other federal agencies and technology firms were discovered last month, and in the Justice Department’s case involved its unclassified Office 365 email system, spokesman Marc Raimondi said.

Office 365 email is hosted on Microsoft’s Azure cloud — or servers operated by the tech giant.

“After learning of the malicious activity, the [Office of the Chief Information Officer] eliminated the identified method by which the actor was accessing the O365 email environment,” Raimondi said in a statement.

“At this point, the number of potentially accessed O365 mailboxes appears limited to around 3% and we have no indication that any classified systems were impacted,” he said.

The Justice Department joins the Departments of the Treasury, Commerce, State, Homeland Security and Energy with known breaches carried out by the Russian foreign intelligence service, the SVR.

The U.S. intelligence community declared Tuesday that the intrusions were “likely Russian in origin” — the agencies’ first formal acknowledgment that they believed Moscow behind the campaign.

Russia has denied involvement.

The intelligence agencies also said that so far investigators have identified fewer than 10 federal entities that have had their networks breached, though as the investigation continues, more federal agencies may turn out to have been compromised.

Meanwhile, U.S. intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in the hacking of federal agencies, according to officials and executives briefed on the inquiry.

Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies. Security experts warn that the monthslong intrusion could be the biggest breach of United States networks in history.

JetBrains, which counts 79 of the Fortune 100 companies as customers, is used by developers at 300,000 businesses. One of them is SolarWinds, the Austin, Texas, company whose network management software played a central role in allowing hackers into government and private networks.

JetBrains said Wednesday that it had not been contacted by government officials and was not aware of any compromise. The exact software that investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code before its release. By compromising TeamCity, cybersecurity experts say the Russian hackers could have invisibly planted back doors in an untold number of JetBrains’ clients.

Among other customers of JetBrains are Google, Hewlett-Packard and Citibank. It also counts Siemens, a major supplier of technology in critical infrastructure such as power and nuclear plants, as a customer as well as VMware, a technology company that the National Security Agency warned on Dec. 7 was also being used by Russian hackers to break into networks.

Yaroslav Russkih, a JetBrains spokesman, said the company did not know whether its customers had been affected.

SolarWinds confirmed Wednesday that it used TeamCity software to assist with the development of its software and was investigating the software as part of its continuing investigation. The company said it had yet to confirm a definitive link between JetBrains and the breach and compromise of its own software.
