Hackers, allegedly Russian, breached the federal judiciary’s case management system by exploiting unpatched vulnerabilities that had persisted for at least five years. The attack resulted in the theft of **sealed case data**, including **national security documents** (potentially exposing sources and methods) and **criminal investigative records** (risking witness safety or suspect evasion). The breach may have allowed adversaries to lurk undetected for years, compromising highly sensitive information entrusted to the courts. The judiciary’s response was criticized for **lack of transparency**, **delayed adoption of phishing-resistant multi-factor authentication**, and **failure to enforce mandatory cybersecurity standards**, with Senator Ron Wyden accusing the institution of **negligence, incompetence, and covering up past incidents**, including a 2020 intrusion by three foreign actors that remains undisclosed. The attack underscores systemic vulnerabilities in an entity responsible for safeguarding critical legal and intelligence data, posing risks to **national security, justice processes, and public trust**.
TPRM report: https://www.rankiteo.com/company/administrative-office-of-the-united-states-courts
{
  "id": "adm742082525",
  "linkid": "administrative-office-of-the-united-states-courts",
  "type": "Breach",
  "date": "6/2020",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{
  "affected_entities": [
    {
      "industry": "judicial/government",
      "location": "United States",
      "name": "Administrative Office of the U.S. Courts",
      "type": "federal agency"
    }
  ],
  "attack_vector": [
    "exploitation of unpatched vulnerabilities",
    "persistent access (potentially years)",
    "weak multifactor authentication"
  ],
  "data_breach": {
    "data_exfiltration": "Confirmed (stolen sealed case data)",
    "sensitivity_of_data": "High (includes classified/national security and legally sensitive materials)",
    "type_of_data_compromised": [
      "sealed court records",
      "national security documents",
      "criminal investigative files"
    ]
  },
  "date_publicly_disclosed": "2024-08-07",
  "description": "Hackers, allegedly Russian, breached and stole sealed case data from federal district courts dating back to at least July 2024, exploiting vulnerabilities left unfixed for five years. The breach follows a 2020 intrusion by three hostile foreign actors, which remains undisclosed in detail. Sen. Ron Wyden accused the judiciary of negligence, incompetence, and covering up failures, urging Chief Justice John Roberts to seek an independent review by the National Academy of Sciences. The judiciary's slow adoption of phishing-resistant multifactor authentication and lack of accountability were highlighted as key issues. The Administrative Office of the U.S. Courts acknowledged the attack but provided vague details about remediation efforts.",
  "impact": {
    "brand_reputation_impact": [
      "eroded public trust in federal judiciary's cybersecurity",
      "accusations of negligence/cover-up by Sen. Wyden"
    ],
    "data_compromised": [
      "sealed case data",
      "potential national security documents",
      "criminal charging/investigative documents"
    ],
    "operational_impact": [
      "compromised confidentiality of sensitive legal proceedings",
      "risk to sources/methods in national security cases",
      "potential witness/defendant endangerment"
    ],
    "systems_affected": [
      "federal district court case management system"
    ]
  },
  "initial_access_broker": {
    "entry_point": [
      "unpatched vulnerabilities in case management system"
    ],
    "high_value_targets": [
      "sealed criminal cases",
      "national security documents"
    ],
    "reconnaissance_period": "Potentially years (hackers may have 'lurked in systems for years')"
  },
  "investigation_status": "Ongoing (Sen. Wyden demands independent review; judiciary response vague)",
  "lessons_learned": [
    "Delayed adoption of phishing-resistant MFA creates critical vulnerabilities.",
    "Lack of transparency with Congress/public exacerbates reputational damage.",
    "Independent oversight may be necessary for federal judiciary cybersecurity.",
    "Unpatched vulnerabilities (even years old) remain high-risk targets."
  ],
  "motivation": [
    "cyberespionage",
    "national security compromise",
    "potential witness/defendant targeting"
  ],
  "post_incident_analysis": {
    "root_causes": [
      "Failure to patch known vulnerabilities for ~5 years.",
      "Inadequate multifactor authentication (non-phishing-resistant).",
      "Lack of mandatory cybersecurity requirements for the judiciary.",
      "Culture of secrecy/cover-up (e.g., undisclosed 2020 breach).",
      "Slow response to escalating threats (e.g., 2020 and 2024 intrusions by same actors)."
    ]
  },
  "recommendations": [
    "Mandate phishing-resistant multifactor authentication across all federal court systems.",
    "Conduct an independent cybersecurity audit (e.g., by National Academy of Sciences).",
    "Implement mandatory cybersecurity requirements for the judiciary (currently voluntary).",
    "Disclose details of the 2020 intrusion and other past breaches to restore accountability.",
    "Accelerate patch management for critical vulnerabilities in case management systems."
  ],
  "references": [
    {
      "date_accessed": "2024-08-19",
      "source": "Sen. Ron Wyden's letter to Chief Justice John Roberts"
    },
    {
      "date_accessed": "2024-08-07",
      "source": "Administrative Office of the U.S. Courts public statement"
    },
    {
      "source": "2020 House Judiciary Chair Jerrold Nadler disclosure (referenced by Wyden)"
    }
  ],
  "regulatory_compliance": {
    "legal_actions": [
      "Sen. Wyden's call for independent review by National Academy of Sciences"
    ],
    "regulations_violated": [
      "potential violations of federal cybersecurity mandates (unspecified)",
      "failure to meet basic cybersecurity best practices"
    ]
  },
  "response": {
    "communication_strategy": [
      "public statement on 2024-08-07 (limited details)",
      "no response to 2020 intrusion disclosure"
    ],
    "incident_response_plan_activated": "Yes (vague 'steps to improve cybersecurity' mentioned)",
    "third_party_assistance": [
      "collaboration with Congress",
      "federal agencies (unspecified)"
    ]
  },
  "threat_actor": "Alleged Russian hackers (same group linked to a prior 2020 intrusion)",
  "title": "Federal Court Cybersecurity Breach Involving Sealed Case Data",
  "type": [
    "data breach",
    "cyberespionage",
    "unauthorized access"
  ],
  "vulnerability_exploited": "Unpatched vulnerabilities in the case management system (left unfixed for ~5 years)"
}