U.S. attorneys' offices' Microsoft 365 accounts fell victim to SolarWinds attack

News
By published

The hackers behind the SolarWinds attack gained access to data from 27 U.S. Attorneys' offices.

Surface Laptop Keyboard
Surface Laptop Keyboard (Image credit: Windows Central)

What you need to know

  • The U.S. Department of Justice shared information on the scope of the SolarWinds attacks.
  • 27 U.S. Attorneys' offices had at least one employee with a compromised Microsoft 365 account.
  • At least 80% of employees working in the Eastern, Northern, Southern, and Western Districts of New York U.S. Attorneys' offices had accounts compromised.

"The Department is responding to this incident as if the Advanced Persistent Threat (APT) group responsible for the SolarWinds breach had access to all email communications and attachments found within the compromised O365 accounts," says the U.S. Department of Justice."

It's believed that attackers had access to compromised accounts from approximately May 7 to December 27, 2020.

The U.S. Department of Justice shared a long list of offices that had one or more employees with Microsoft 365 accounts compromised in connection to the SolarWinds attacks:

  • Central District of California
  • Northern District of California
  • District of Columbia
  • Northern District of Florida
  • Middle District of Florida
  • Southern District of Florida
  • Northern District of Georgia
  • District of Kansas
  • District of Maryland
  • District of Montana
  • District of Nevada
  • District of New Jersey
  • Eastern District of New York
  • Northern District of New York
  • Southern District of New York
  • Western District of New York
  • Eastern District of North Carolina
  • Eastern District of Pennsylvania
  • Middle District of Pennsylvania
  • Western District of Pennsylvania
  • Northern District of Texas
  • Southern District of Texas
  • Western District of Texas
  • District of Vermont
  • Eastern District of Virginia
  • Western District of Virginia
  • Western District of Washington

Microsoft President Brad Smith said that the SolarWinds attack was probably "the largest and most sophisticated attack the world has ever seen." The attack targeted private businesses and government agencies. Attackers were able to exploit vulnerabilities in the SolarWinds Orion software to gain access to data.

Previously, Microsoft identified 40 of its customers that were targeted by the SolarWinds attack. The U.S. Department of Justice has accused Russia of being behind the attack.

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott is a news writer and apps editor for Windows Central with 11+ years of experience. A Nottingham Trent journalism graduate, Sean has covered the industry’s arc from the Lumia era to the launch of Windows 11 and generative AI. Having started at Thrifter, he uses his expertise in price tracking to help readers find genuine hardware value.

Beyond tech news, Sean is a UK sports media pioneer. In 2017, he became one of the first to stream via smartphone and is an expert in AP Capture systems. A tech-forward coach, he was named 2024 BAFA Youth Coach of the Year. He is focused on using technology—from AI to Clipchamp—to gain a practical edge.