The U.S. Department of Justice confirmed on Wednesday that it had been the victim of a massive hacking operation linked to Russian intelligence.
In a statement, Justice Department spokesman Marc Raimondi said about 3% of the agency’s email accounts appeared to have been compromised, although no classified information was accessed.
“After learning of the malicious activity, the Office of Chief Information Officer eliminated the identified method by which the actor was accessing the ... email environment,” Raimondi said.
Raimondi said the department learned about the previously unknown hack on its networks on Christmas Eve and determined that it constituted a “major” security incident.
The disclosure came a day after U.S. intelligence agencies said that the hack was part of an ongoing intelligence operation and likely being carried out by Russia.
The hack came to light in early December when private cybersecurity firm FireEye disclosed that its networks had been compromised. Investigators have traced the breach to SolarWinds, a Texas-based network management software company that the hackers used to penetrate the computer networks.
In a statement Tuesday, the FBI, the Cybersecurity & Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) said that of the approximately 18,000 SolarWinds customers impacted by the hack, “a much smaller number has been compromised by follow-on activity on their systems.”
“We have so far identified fewer than 10 U.S. government agencies that fall into this category and are working to identify the nongovernment entities who also may be impacted,” the agencies said.
Officials had previously confirmed that the departments of Defense, Treasury, State, Homeland Security, Commerce and Energy were impacted. Among targeted businesses were Microsoft and Amazon.
U.S. President Donald Trump has faced criticism for failing to respond to the alleged Russian hacking operation and for suggesting that China may have been responsible.
The National Security Council has set up a task force made up of intelligence agencies to investigate and remediate the attack.
“At this time, we believe this was, and continues to be, an intelligence gathering effort,” the agencies said in a statement. “We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”