For several years, a group of Russian hackers had access to the U.S. judicial system, specifically targeting and stealing classified materials related to espionage, money laundering, and the activities of foreign agents. As reported by Baltimore Chronicle, citing Bloomberg, the hackers used stolen credentials and a vulnerability in the outdated federal court server system to access documents that were meant to be kept secret.
Investigators are confident that the attack was carried out by a group under the patronage of Russia, although the exact time of the breach and when U.S. authorities became aware of it remain unclear. One anonymous source noted that it was only in the fall of the previous year that courts hired a cybersecurity company to address the consequences of the attack.
The prolonged access to these materials raises serious concerns. Among the stolen documents were cases related to espionage, financial crimes, money laundering, and the activities of foreign agents. These materials, if they fall into the wrong hands, could be used for manipulation, blackmail, or sabotaging investigations. “These records are some of the most valuable documents held by the U.S. government,” said Jake Brown, former deputy national director for cybersecurity at the White House.
Additionally, the scandal comes amid preparations for a meeting between U.S. President Donald Trump and Russian President Vladimir Putin, where the end of the war in Ukraine is expected to be discussed. When journalists asked whether Trump would raise the topic of the cyberattack, he responded: “This is what they do. They’re good at it. We’re good at it, too. In fact, we’re better.”
The judicial authorities declined to comment, only noting that they are implementing additional security measures in response to “increased and complex cyberattacks.”
This is not the first major breach of the U.S. judicial system. In 2020, there was already a large data leak that was also blamed on Russian hackers, who used malicious code in the SolarWinds software. Last November, courts enlisted specialists from Unit 42 (Palo Alto Networks) to address the consequences of the latest attack. The work is expected to be completed by the end of 2024.