Connect with us

Hi, what are you looking for?



Probe Launched Into Impact of SolarWinds Breach on Federal Courts

An investigation has been launched into the impact of the SolarWinds breach on the computer systems used by federal courts in the United States, which reportedly represented a target of interest to the hackers.

An investigation has been launched into the impact of the SolarWinds breach on the computer systems used by federal courts in the United States, which reportedly represented a target of interest to the hackers.

The Administrative Office (AO) of the U.S. Courts said an investigation was launched in mid-December after the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing all federal agencies to immediately analyze their systems for evidence indicating that they may have been targeted through the Orion monitoring tool developed by SolarWinds.

The judiciary ordered all local and national courts to stop using the Orion software, but it may have been too late as the attackers could have already accessed highly sensitive information, including sealed documents.

A majority of the documents in the federal court system are available to the public, either for free or a small fee, but sealed filings often contain sensitive information that should not be made public.

“The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings. An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation. Due to the nature of the attacks, the review of this matter and its impact is ongoing,” the public was told on Wednesday.

The judiciary announced that it has started rolling out additional safeguards to protect sensitive court records — highly sensitive court documents will only be accepted by federal courts on paper or via an electronic device such as a thumb drive, and they will be stored on a secure stand-alone computer rather than the CM/ECF system.

Continuous Updates: Everything You Need to Know About the SolarWinds Attack

Investigative journalist Brian Krebs said he learned from sources that federal courts were actually “hit hard” by the SolarWinds breach, with the attackers delivering a piece of malware named Teardrop to its systems.

Advertisement. Scroll to continue reading.

The threat group behind the SolarWinds supply chain attack, which the U.S. government believes is backed by Russia, leveraged trojanized updates for the Orion software to deliver a piece of malware named Sunburst to the Texas-based company’s customers. While the Sunburst malware has been delivered to thousands of organizations, the Teardrop malware was likely only sent by the attackers to a few hundred victims that were considered important targets.

The potential impact of the SolarWinds hack on federal courts was announced on the same day the U.S. Justice Department announced that it too was hit and the attackers may have accessed some Microsoft 365 email accounts. The DoJ claimed there was no evidence that classified systems were compromised.

Related: Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports

Related: Class Action Lawsuit Filed Against SolarWinds Over Hack

Related: Cyberattack Hit Key US Treasury Systems: Senator

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...