• Welcome to the world's largest Chinese hacker forum

    Welcome to the world's largest Chinese hacker forum, our forum registration is open! You can now register for technical communication with us, this is a free and open to the world of the BBS, we founded the purpose for the study of network security, please don't release business of black/grey, or on the BBS posts, to seek help hacker if violations, we will permanently frozen your IP and account, thank you for your cooperation. Hacker attack and defense cracking or network Security

    business please click here: Creation Security  From CNHACKTEAM

SolarWinds Hackers Also Accessed U.S. Justice Department's Email Server


Recommended Posts

SolarWinds Hackers

The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack.

"On December 24, 2020, the Department of Justice's Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others," DoJ spokesperson Marc Raimondi said in a short statement. "This activity involved access to the Department's Microsoft Office 365 email environment."

Calling it a "major incident," the DoJ said the threat actors who spied on government networks through SolarWinds software potentially accessed about 3% of the Justice Department's email accounts, but added there's no indication they accessed classified systems.

 

The disclosure comes a day after the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) issued a joint statement formally accusing an adversary "likely Russian in origin" for staging the SolarWinds hack.

The agencies described the entire SolarWinds operation as "an intelligence gathering effort."

The espionage campaign, which originated in March 2020, worked by delivering malicious code that piggybacked on SolarWinds network-management software to as many as 18,000 of its customers, although additional intrusive activity is believed to have been conducted only against select targets.

JetBrains denies involvement in SolarWinds hack

In a separate development, The New York Times, Reuters, and The Wall Street Journal reported intelligence bureaus are probing the possibility that JetBrains' TeamCity software distribution system was breached and "used as a pathway for hackers to insert back doors into the software of an untold number of technology companies."

TeamCity is a build management and continuous integration server offered by the Czech software development company. JetBrains counts 79 of the Fortune 100 companies as its customers, including SolarWinds.

 

But in a blog post published by its CEO Maxim Shafirov, the company denied being involved in the attack in any way, or that it was contacted by any government or security agency regarding its role in the security incident.

"SolarWinds is one of our customers and uses TeamCity, which is a Continuous Integration and Deployment System, used as part of building software," Shafirov said. "SolarWinds has not contacted us with any details regarding the breach and the only information we have is what has been made publicly available."

Shafirov also stressed that in the event if TeamCity had been used to compromise SolarWinds, it could be due to a misconfiguration, and not a specific vulnerability.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now