Probe Launched Into Impact of SolarWinds Breach on Federal Courts

An investigation has been launched into the impact of the SolarWinds breach on the computer systems used by federal courts in the United States, which reportedly represented a target of interest to the hackers.


The Administrative Office (AO) of the U.S. Courts said an investigation was launched in mid-December after the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing all federal agencies to immediately analyze their systems for evidence indicating that they may have been targeted through the Orion monitoring tool developed by SolarWinds.

The judiciary ordered all local and national courts to stop using the Orion software, but it may have been too late as the attackers could have already accessed highly sensitive information, including sealed documents.

A majority of the documents in the federal court system are available to the public, either for free or for a small fee, but sealed filings often contain sensitive information that should not be made public.

“The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings. An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation. Due to the nature of the attacks, the review of this matter and its impact is ongoing,” the public was told on Wednesday.

The judiciary announced that it has started rolling out additional safeguards to protect sensitive court records — highly sensitive court documents will only be accepted by federal courts on paper or via an electronic device such as a thumb drive, and they will be stored on a secure stand-alone computer rather than the CM/ECF system.


Investigative journalist Brian Krebs said he learned from sources that federal courts were actually “hit hard” by the SolarWinds breach, with the attackers delivering a piece of malware named Teardrop to their systems.

The threat group behind the SolarWinds supply chain attack, which the U.S. government believes is backed by Russia, leveraged trojanized updates for the Orion software to deliver a piece of malware named Sunburst to the Texas-based company’s customers. While the Sunburst malware has been delivered to thousands of organizations, the Teardrop malware was likely only sent by the attackers to a few hundred victims that were considered important targets.

The potential impact of the SolarWinds hack on federal courts was announced on the same day the U.S. Justice Department announced that it too was hit and the attackers may have accessed some Microsoft 365 email accounts. The DoJ claimed there was no evidence that classified systems were compromised.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
