Saturday, April 19, 2025

SolarWinds Actors Hacked 27 State Attorneys’ Offices in the U.S.


The Justice Department has recently claimed that the threat actors behind the SolarWinds cyberattack managed to hack 27 state attorneys’ offices in the U.S. and gained access to the email accounts of their employees.

The Justice Department has acknowledged that at least 80% of the department's employees who were using Microsoft 365 accounts were compromised in this latest cyberattack.

These 80% of employees mainly belong to the offices located in the:

  • Eastern Districts of New York
  • Northern Districts of New York
  • Southern Districts of New York
  • Western Districts of New York

However, the Office of the Chief Information Officer identified the malicious activity and immediately shut down the method the hackers used to gain access to the data of the department's employees.

The department also notified federal agencies, Congress, and the public as warranted under the FISMA protocol.

Moreover, to reinforce homeland flexibility and increase transparency, the Justice Department has also provided additional details about the SolarWinds cyberattack that took place in December 2020.

Compromised State Attorney Offices

The full list of compromised state attorney offices is below:

  1. Central District of California
  2. Northern District of California
  3. District of Columbia
  4. Northern District of Florida
  5. Middle District of Florida
  6. Southern District of Florida
  7. Northern District of Georgia
  8. District of Kansas
  9. District of Maryland
  10. District of Montana
  11. District of Nevada
  12. District of New Jersey
  13. Eastern District of New York
  14. Northern District of New York
  15. Southern District of New York
  16. Western District of New York
  17. Eastern District of North Carolina
  18. Eastern District of Pennsylvania
  19. Middle District of Pennsylvania
  20. Western District of Pennsylvania
  21. Northern District of Texas
  22. Southern District of Texas
  23. Western District of Texas
  24. District of Vermont
  25. Eastern District of Virginia
  26. Western District of Virginia
  27. Western District of Washington

The employees whose accounts were breached in this cyberattack are guided by the U.S. Attorneys’ Executive Office.

Apart from this, security experts have asserted that the threat actors used other methods along with the SolarWinds breach method to hack 9 U.S. federal government agencies and 100 other private companies.

During that time frame, security analysts identified that the hacked data includes the following:

  • All sent emails
  • All received emails
  • All stored emails
  • All email attachments

However, the Justice Department has acknowledged that it is continuing its investigation and will continue to provide all the necessary guidance and mitigations to avoid and block such security breaches.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
