ThreatCluster

Law and water: Russia blamed for US court system break-in and Norwegian dam drama

Threat Score: 70 • 7 articles • 100.0% similarity • 1 day ago

Article Timeline: 7 articles, published Aug 12 to Aug 14 (three on Aug 12, three on Aug 13, one on Aug 14).

Key Insights

1. Investigators confirm that Russian actors are 'at least partly responsible' for the breach of the U.S. federal court filing system, compromising sensitive records including the identities of witnesses and national security cases.
2. The attack exploited vulnerabilities in the court's Case Management/Electronic Case Files (CM/ECF) system, which is a patchwork of over 200 instances, many using outdated technology.
3. Reports indicate that the breach involved 'persistent and sophisticated cyber threat actors' who accessed sealed documents and possibly the court system's internal blueprint, as stated by U.S. Department of Justice officials.
4. The Administrative Office of the U.S. Courts confirmed the breach on August 5, 2025; the intrusion is believed to have been a 'years-long effort' to infiltrate the system.
5. Some of the compromised cases involved individuals with Russian and Eastern European surnames, suggesting targeted interest in specific cases, according to sources familiar with the investigation.
6. In response to the breach, federal courts are tightening procedures around the handling of sealed documents and advising immediate removal of the most sensitive files from the system.

Threat Overview

In a significant cybersecurity incident, investigators have determined that Russian hackers are 'at least partly responsible' for a breach of the U.S. federal court filing system, compromising sensitive documents and potentially endangering national security. The breach was confirmed by the Administrative Office of the U.S. Courts on August 5, 2025, revealing that the attackers exploited vulnerabilities in the Case Management/Electronic Case Files (CM/ECF) system, which is used for filing motions and submitting evidence in federal cases. According to U.S. Department of Justice officials, the compromised records included sealed documents and witness identities, with some of the searches reportedly targeting midlevel criminal cases in New York City and other jurisdictions.

Investigations suggest that the attack may have been a 'years-long effort' involving sophisticated cyber threat actors, as indicated by internal memos reviewed by The New York Times. The system, which comprises more than 200 locally run instances, has been criticized for its outdated technology, with many components dating back to when Windows XP was still in use. Experts have noted that the attackers were able to access the system through vulnerabilities that had existed since 2020.

'This remains an URGENT MATTER that requires immediate action,' stated officials in the memo, urging quick removal of the most sensitive documents. Federal courts are now implementing tighter security protocols for handling sealed documents in light of the breach. Some reports indicate that the compromised cases included individuals with Russian and Eastern European surnames, raising concerns about targeted espionage efforts. The investigation continues as officials assess the full scope of the breach and its implications for national security.

Tactics, Techniques & Procedures (TTPs)

T1190 Exploit Public-Facing Application - Attackers exploited vulnerabilities in the CM/ECF system to gain unauthorized access to sensitive documents and records [1][3].
T1071.001 Application Layer Protocol: Web Protocols - The attackers likely utilized web protocols for communication with compromised systems [2][4].
T1583.001 Acquire Infrastructure: Domain Names - Potential use of domain names to facilitate the attack and maintain persistence [5].
T1552.001 Unsecured Credentials: Credentials in Files - Attackers may have accessed unsecured credentials stored in the court system [6].
T1086 PowerShell - Possible use of PowerShell scripts to automate data extraction from the compromised system [6]. (T1086 is a retired ATT&CK ID; PowerShell is now catalogued as T1059.001, Command and Scripting Interpreter: PowerShell.)
T1036 Masquerading - The attackers might have disguised their activities to avoid detection in the court's system [4].
T1070.001 Indicator Removal on Host: File Deletion - Deletion of logs or sensitive files post-exploitation to cover tracks [3][5]. (In current ATT&CK, T1070.001 is Clear Windows Event Logs; File Deletion is T1070.004.)

Note that only T1190 is supported by the cited reporting; the remaining techniques are marked as likely, potential or possible and are inferred rather than confirmed by the sources.

Timeline of Events

2025-08-05: The Administrative Office of the U.S. Courts confirms the breach of the federal court filing system [1].
2025-08-06: Internal memos reveal the extent of the breach, urging immediate action to secure sensitive documents [4].
2025-08-10: Investigators begin linking the breach to Russian cyber actors based on analysis of the attack patterns [2].
2025-08-12: Reports emerge detailing the types of sensitive documents accessed, including sealed records and witness identities [5].
2025-08-13: The New York Times publishes findings on the breach, detailing the years-long effort by Russian hackers [4].
2025-08-14: Federal courts announce tightened procedures for handling sealed documents in response to the breach [6].
Ongoing: Investigations continue to assess the full impact and implications of the breach on national security [2][3].

Source Citations

Expert quotes: Investigative sources (Article 2); U.S. Department of Justice (Article 4); Administrative Office of the U.S. Courts (Article 1)
Primary findings: Breach confirmation (Articles 1, 2); Evidence linking to Russia (Articles 4, 5); Details on compromised documents (Articles 3, 6)
Technical details: Exploitation methods (Articles 1, 3, 5); System vulnerabilities (Articles 2, 4)
Powered by ThreatCluster AI
Generated 10 hours ago
AI analysis may contain inaccuracies

Related Articles

7 articles

1. Law and water: Russia blamed for US court system break-in and Norwegian dam drama
The Register • 10 hours ago • Score 71 • 100.0% similarity
Cyber-crime. Moscow-linked miscreants accused of swiping sealed US court files and fiddling with a Norwegian dam's floodgates. Russian attackers reportedly spent months rummaging through the US federal court's creaky case-management system, while Norway reckons the same Kremlin-friendly miscreants took control of a dam's controls – a transatlantic double-act in legal files and floodgates. The attack on Washington's s
2. Russians hacked US courts, say investigators
Malwarebytes Labs • 1 day ago • Score 62 • 100.0% similarity
The US court filing system, which houses court records and sealed filings, was reportedly hacked by Russians seeking sensitive documents.
3. Russian government hackers said to be behind US federal court filing system hack: Report
TechCrunch • 2 days ago • Score 61 • 95.0% similarity
Officials are reportedly blaming a recent breach of the U.S. federal court's filing system on Russia, whose hackers used the access to snoop on midlevel criminal cases in the New York City area and other jurisdictions.
4. Russia Accused of Hacking Sensitive US Court Filing System
Data Breach Today UK • 2 days ago • Score 54 • 95.0% similarity
US Reportedly Blames Kremlin for Major Breach Affecting Court Management System. U.S. Department of Justice officials were reportedly recently informed that "persistent and sophisticated cyberthreat actors have recently compromised sealed records" in a widespread attack on a court management system containing sensitive records with potential national security implications.
5. Russia might be responsible for the PACER hack
The Verge • 2 days ago • Score 52 • 90.0% similarity
6. Russia Is Suspected to Be Behind Breach of Federal Court Filing System
Databreaches • 1 day ago • Score 51 • 100.0% similarity
Adam Goldman, Glenn Thrush, and Mattathias Schwartz report: Investigators have uncovered evidence that Russia is at least partly responsible for a recent hack of the computer system that manages federal court documents, including highly sensitive records with information that could reveal sources and people charged with national security crimes, according to several people briefed on...
7. Russia Is Suspected To Be Behind Breach of Federal Court Filing System
Slashdot • 1 day ago • Score 50 • 95.0% similarity
ole_timer shares a report from the New York Times: Investigators have uncovered evidence that Russia is at least partly responsible for a recent hack of the computer system that manages federal court documents, including highly sensitive records with information that could reveal sources and people charged with national security crimes, according to several people briefed on the breach. It is not clear what entity is responsible, whether an arm of Russian intelligence might be behind the intrusi

Cluster Intelligence

Key entities and indicators for this cluster

APT GROUPS
Russian State-Sponsored Hackers
APT28
Russian State-Sponsored Actors
Russian hackers
MITRE ATT&CK
T1071.001
T1583.001
T1070.001
T1552.001
T1086
ATTACK TYPES
Data Breach
Cyber Espionage
Cyber intrusion
AGENCIES
U.S. Department of Justice
Administrative Office of the U.S. Courts
FBI
Department of Justice
PLATFORMS
PACER
CM/ECF
INDUSTRIES
Government
Judiciary
Judicial System
Cybersecurity
COUNTRIES
United States
Russia
CLUSTER INFORMATION
Cluster #1882
Created 1 day ago
Semantic Algorithm
