
Cyber Incident Victim: United States Department of Justice

Date:

Dec 2020

Location:

United States of America

Summary

The US Department of Justice's Microsoft Office 365 email environment was compromised by the Russian state-sponsored actors behind the SolarWinds supply-chain campaign, giving them unauthorized access to email communications. The department's Office of the Chief Information Officer identified the malicious activity on December 24, 2020, nine days after the broader campaign became publicly known, by which point the attackers had already been operating inside federal systems for some time. The incident formed part of a widespread espionage operation that reached multiple government agencies through trojanized software updates.


Description

The United States Department of Justice learned on December 24, 2020, that its Microsoft Office 365 email environment had been compromised by attackers linked to the SolarWinds supply-chain intrusion campaign, and publicly disclosed the breach in early January 2021. The intrusion, attributed to hackers suspected of acting on behalf of the Russian government, was detected nine days after the broader campaign first became publicly known on December 15. The attackers' access to the department's Office 365 environment allowed them to read internal email. The department's spokesman, Marc Raimondi, confirmed the intrusion in a brief statement, saying the number of potentially accessed mailboxes appeared limited to around three percent and that there was no indication classified systems were affected, but he did not specify how long the unauthorized access had lasted. The incident was part of a coordinated espionage operation against multiple U.S. federal agencies carried out through compromised SolarWinds Orion software updates.


The breach affected the confidentiality of Justice Department communications: the adversaries were able to read, and potentially exfiltrate, the contents of mailboxes in the compromised environment. There was no evidence of data being tampered with or deleted, but the compromise exposed sensitive correspondence. The department joined the other federal entities that had confirmed intrusions tied to the SolarWinds campaign, though its statement gave no details on containment measures, forensic findings, or operational disruption. Public acknowledgment came through Raimondi's announcement, which stressed that investigations were ongoing without describing remediation steps. The incident underscored the breadth of the campaign, which reached critical government IT infrastructure and went undetected at the department for more than a week after the campaign itself had been disclosed.
