Marc Raimondi, a spokesman for the Department of Justice (DOJ), said the DOJ’s office of the chief information officer has stopped the method the threat actor used to access the department’s Microsoft O365 email environment after learning of the malicious activity related to the SolarWinds cyber incident on Dec. 24th.
“At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted,” Raimondi said in a statement published Wednesday.
In mid-December, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive ordering all federal civilian agencies to mitigate a compromise of SolarWinds’ Orion Network Management products that threat actors are exploiting.
Raimondi said DOJ has classified the activity as a major cyber incident under the Federal Information Security Modernization Act and has begun taking measures.
“The Department will continue to notify the appropriate federal agencies, Congress, and the public as warranted,” he added.