The US Department of Justice confirms that the hackers behind the SolarWinds supply chain attack targeted its IT systems, where they escalated access from the trojanized SolarWinds Orion app to move across its internal network and access the email accounts of some of its employees.
“At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent, and we have no indication that any classified systems were impacted,” DOJ spokesperson Marc Raimondi said in a short press release.
With DOJ employee numbers estimated at around 100,000 to 115,000, the number of impacted DOJ employees is currently believed to be between 3,000 and 3,450. The DOJ said it has now blocked the attacker’s point of entry.