U.S. federal court system cyberattack is worse than previously thought

A cyberattack on U.S. federal court system infrastructure has proven to be an “incredibly significant and sophisticated” attack.

That assessment differs starkly from the one initially provided when the incident occurred in 2020.


As reported by TechRadar, the attack itself was confirmed in January 2021 via a hearing from the judiciary committee, with its chairman Jerrold Nadler stating that a data breach was indeed successfully carried out by threat actors.

Upon further investigation, it seems the cybersecurity event was considerably more impactful than the government initially discovered.

Nadler stressed that the committee only started to uncover the “startling breadth and scope of the court’s Document Management System security failure” in March 2022.

“And perhaps even more concerning is the disturbing impact the security breach had on pending civil and criminal litigation, as well as ongoing national security or intelligence matters,” he continued.

He also stated that the hack has resulted in “lingering impacts on the department and other agencies.”

An official from the justice department was questioned about what sort of investigations, types of cases, and attorneys were affected most by the breach. However, the individual could not provide an adequate answer. “This is, of course, a significant concern for us given the nature of information often held by the courts,” he added.


Another government figure, Sheila Jackson Lee, asserted that the discovery of the actual impact of the attack is a “dangerous set of circumstances.” Lee said that the justice department should share more information on the matter, such as the number of cases that have been influenced in any capacity, in addition to how many of these cases were outright dismissed.

TechRadar notes that this specific cybersecurity incident is reportedly not related to the SolarWinds attack, even though both materialized around the same time in 2020.

For reference, the SolarWinds attack has gone down in history as among the most impactful supply chain cyberattacks ever. The group and individuals behind the incident managed to extract Microsoft 365 login credentials from SolarWinds employees via phishing methods, as detailed by TechRadar.

An exposed patch was then deployed by the threat actors to hundreds of thousands of endpoints, which saw government agencies and several technology giants bearing the brunt of the impact.

In related governmental cybersecurity news, a bug bounty program revealed how one of the largest departments of the U.S. government — Homeland Security — discovered over 100 security vulnerabilities within external DHS systems.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…