New details have emerged suggesting Russian-linked hackers may be behind a serious cyber intrusion into the U.S. federal judiciary’s electronic case filing system. According to reports by the New York Times, the breach appears to have compromised sensitive criminal case data across several jurisdictions, prompting urgent countermeasures by court authorities.
The attack, disclosed on August 7th, has been under investigation by U.S. federal agencies. Officials now believe the breach may have allowed unauthorized access to sealed legal documents, including files related to national security and criminal investigations. The case management system affected – known as CM/ECF (Case Management/Electronic Case Files) – is used by attorneys and judges to upload and manage court records.
According to individuals briefed on the matter, the breach focused on criminal cases in at least eight district courts, including New York City. In several instances, the compromised files reportedly involved individuals with Russian or Eastern European surnames, likely raising suspicions about targeted data gathering by foreign actors.
While attribution remains complex, the breach has been described by officials as a “sophisticated and persistent” campaign, possibly spanning several years. It remains unclear whether Russian intelligence agencies such as the FSB or GRU and their cyber units were directly involved.
The timing of the disclosure coincides with a planned diplomatic meeting between the presidents of the U.S. and Russia, although it’s not clear whether the incident will influence those discussions.
In response to the breach, federal courts are taking steps to move particularly sensitive records offline and tightening access controls. Some judges have already ordered critical files to be stored on isolated systems, away from the primary network. Additional access restrictions and enhanced monitoring procedures are being implemented across multiple districts.
The judiciary acknowledged that such documents can be “targets of interest to a range of threat actors,” and emphasized that protecting national security information remains a top priority as the investigation continues.