Another victim of the massive Russia-inspired Solarwinds hack has come forward, with the US Department of Justice admitting that its email servers, powered by Microsoft 365, were hacked by the exploited software.

In a statement, the government department said up to 3% of its mailboxes were hacked.

“We have no indication that any classified systems were impacted,” DOJ spokesperson Marc Raimondi said on Wednesday.

More than 18,000 companies were hacked by the exploit, which involved the update mechanism of Solarwind’s Orion software, but hackers only followed up the exploit in a minority of the companies affected.

The FBI and NSA have both attributed the attack to an Advanced Persistent Threat (APT) actor, likely Russia.

The DOJ has declared the hack a major incident under the Federal Information Security Modernisation Act and said: “The Department will continue to notify the appropriate federal agencies, Congress, and the public as warranted.”

Microsoft has been involved in developing a killswitch for the Sunburst payload, but FireEye warns that hackers may have already used the malware to implant more persistent malware on the network which may be even harder to detect and eradicate.

