A cyberattack incident that involved the U.S. federal court system infrastructure has been proven to be an “incredibly significant and sophisticated” attack.
This statement is a stark difference from the one initially provided when the situation occurred in 2020.
As reported by TechRadar, the attack itself was confirmed in January 2021 via a hearing from the judiciary committee, with its chairman Jerrold Nadler stating that a data breach was indeed successfully carried out by threat actors.
Upon further investigation, it seems the cybersecurity event was considerably more impactful than the government initially discovered.
Nadler stressed that the committee only started to uncover the “startling breadth and scope of the court’s Document Management System security failure” in March 2022.
“And perhaps even more concerning is the disturbing impact the security breach had on pending civil and criminal litigation, as well as ongoing national security or intelligence matters,” he continued.
He also stated that the hack has resulted in “lingering impacts on the department and other agencies.”
An official from the justice department was questioned about what sort of investigations, types of cases, and attorneys were affected most by the breach. However, the individual could not provide an adequate answer. “This is, of course, a significant concern for us given the nature of information often held by the courts,” he added.
Another government figure, Sheila Jackson Lee, asserted that the discovery of the actual impact of the attack is a “dangerous set of circumstances.” Lee said that the justice department should share more information on the matter, such as the number of cases that have been influenced in any capacity, in addition to how many of these cases were outright dismissed.
TechRadar highlights how this specific cybersecurity incident is reportedly not related to the SolarWinds attack, even though they both materialized around the same time during 2020.
For reference, the SolarWinds attack has gone down in history as among the most impactful supply chain cyber attacks ever. The group and individuals behind the incident managed to extract Microsoft 365 login credentials from SolarWinds employees via phishing methods, as detailed by TechRadar.
An exposed patch was then deployed by the threat actors to hundreds of thousands of endpoints, which saw government agencies and several technology giants bearing the brunt of the impact.
In related governmental cybersecurity news, a bug bounty program revealed how one of the largest departments of the U.S. government — Homeland Security — discovered over 100 security vulnerabilities within external DHS systems.
