Foreign Hackers Said to Access Sealed National Security Cases

A foreign adversary targeted sealed documents in espionage and other sensitive cases in a breach of the federal judiciary’s case management system, according to three people familiar with the matter.

The hackers, who eyed trial courts in at least three federal circuits, accessed documents in pending, active, and past cases, one person said. Cases targeted included those involving fraud, money laundering, and agents of foreign governments, that person said. Sealed documents in other types of cases were also targeted, another person said.

Cartels are not thought to be behind the breach, two people said. The second person said courts are still concerned about such organized crime syndicates accessing other sensitive details like the identities of confidential informants.

The first person said the foreign adversary behind the breach had escalated its activity more recently, with judiciary officials first noting it around the July 4th holiday.

The judiciary also described the attacks in its Aug. 7 news release as “recent escalated cyberattacks of a sophisticated and persistent nature on its case management system.”

The New York Times reported Tuesday that Russia was at least in part behind the cyberattack. Politico first reported some other details of the breach.

A spokesperson for the Administrative Office of the US Courts, Peter Kaplan, said he had nothing to add to a statement the office made last week about strengthening cybersecurity.

A Department of Justice spokesperson, Shannon Shevlin, said the agency isn’t able to discuss ongoing investigations. The FBI referred a request for comment to DOJ.

Nation-state actors “often target sensitive legal and intelligence information to gain strategic advantage,” said Cynthia Kaiser, a former FBI cyber official with the cybersecurity firm Halcyon. She said any information they gather not only helps the hackers themselves but can “equip the criminal groups they protect.”

“That intelligence can help those criminals adapt their tactics, avoid detection, and more effectively target victims around the world,” Kaiser said.

Court Protocols

More than a dozen federal courts across seven circuits have updated their procedures for attorneys filing highly sensitive and sealed documents since June, according to a Bloomberg Law review of district court orders.

They include the US District Court for the Eastern District of Virginia, which is known for handling high-profile national security cases, including those against WikiLeaks founder Julian Assange and whistleblower Edward Snowden.

The Eastern District of Virginia’s July 29 order said that in response to recent cyberattacks against the judiciary, and on the advice of information technology specialists, all sealed documents should be treated as highly sensitive and submitted as hard copies.

Federal courts in Brooklyn, Manhattan, San Francisco, and Miami also updated their sensitive document procedures this summer.

It’s unclear when courts were notified of the latest attack or the type of information the perpetrators were able to access.

Dozens of courts had updated or implemented guidance for sensitive documents in early 2021 following the announcement of the SolarWinds cyberattack, which also targeted the federal judiciary’s case management system as well as other US agencies. Many courts have continued updating their guidance in subsequent years.

The latest breach involves vulnerabilities related to the earlier attack, according to a person familiar with the matter. Multiple House and Senate committees have been briefed on the hack and have requested a follow-up classified briefing in September.

Of the at least 14 courts that updated procedures in 2025, 10 did so between late July and mid-August. The Southern District of Florida’s July 24 order mandating that sealed criminal documents be filed as hard copies said the change is in response to “cyberattacks that have been directed at the Judiciary’s IT systems, including our case management system.”

The judiciary said in its release last week that it is “taking additional steps to strengthen protections for sensitive case documents” in response to the attacks and “is prioritizing working with courts to mitigate the impact on litigants.”