Cyber attack on US court system being investigated, DoJ confirms

The US Justice Department has confirmed it is currently investigating a cyber security breach in the federal court system dating back to early 2020.

The system “faced an incredibly significant and sophisticated cyber security breach” that imposed “lingering impacts on the department and other [federal] agencies”, the department said.

It is the first public disclosure of the attack, which is now more than two years old and is separate from the massively disruptive SolarWinds Orion attack that was conducted by Russia-linked state-sponsored hackers.

The comments were made at a hearing on the oversight of the Justice Department National Security Division (NSD), by House Judiciary Committee Chair Jerrold Nadler on Thursday.

Nadler said the Committee “recently learned” about the attack in question, a timeline the Democrat-party representative for New York in Congress later clarified to be March 2022.

Responding to questioning from Nadler at the hearing, Assistant Attorney General for National Security Matthew Olsen said the NSD will provide updates to the Committee as the investigation continues.

Olsen later said that the impact of the cyber security breach on the federal court system did not affect any investigations of other cases that he could think of, despite an anonymous aide telling Politico that the “sweeping impact” it had on the department was “staggering”.

The breach discussed this week may refer to a disclosure on 6 January 2021 regarding a security incident affecting the judiciary’s case filing system, which “greatly” risked compromising “highly sensitive non-public documents”.

Following the incident, enhanced security procedures were introduced to the process. The compromised electronic filing system was not to be used; instead, highly sensitive documents were only filed in paper form or via a “secure electronic device, such as a thumb drive, and stored in a secure standalone computer system”.

It's currently unclear who is responsible for the early 2020 cyber attack and the full details of the impact on the department and other agencies are also unknown at this time.

Despite this, Olsen said his team is primarily tasked with investigating incidents conducted by foreign entities, usually involving countries such as Russia, China, Iran, and North Korea.

The US government has indicated that it has taken cyber security even more seriously in recent times, especially at a federal level, following a number of high-profile incidents in recent years.

The Biden administration classified ransomware attacks in the same category as terrorist incidents following the attack on Colonial Pipeline last year.

All federal agencies have also been told that they must patch their systems against a lengthy list of the most-exploited security vulnerabilities to minimise the potential impact of an attack on government processes.

Connor Jones
News and Analysis Editor