Russia is suspected to be behind breach of federal court filing system

Investigators have uncovered evidence that Russia is at least partly responsible for a recent hack of the computer system that manages federal court documents, including highly sensitive records with information that could reveal sources and people charged with national security crimes, according to several people briefed on the breach.

It is not clear what entity is responsible, whether an arm of Russian intelligence might be behind the intrusion or if other countries were also involved, which some of the people familiar with the matter described as a yearslong effort to infiltrate the system. Some of the searches included midlevel criminal cases in the New York City area and several other jurisdictions, with some cases involving people with Russian and Eastern European surnames.

The disclosure comes as President Donald Trump is expected to meet with his Russian counterpart, Vladimir Putin, in Alaska on Friday, where Trump is planning to discuss his push to end the war in Ukraine.

Administrators with the court system recently informed Justice Department officials, clerks and chief judges in federal courts that “persistent and sophisticated cyber threat actors have recently compromised sealed records,” according to an internal department memo reviewed by the New York Times. The administrators also advised those officials to quickly remove the most sensitive documents from the system.

“This remains an URGENT MATTER that requires immediate action,” officials wrote, referring to guidance that the Justice Department had issued in early 2021 after the system was first infiltrated.

Documents related to criminal activity with an overseas tie, across at least eight district courts, were initially believed to have been targeted. Last month, the chief judges of district courts across the country were quietly warned to move those kinds of cases off the regular document-management system, according to officials briefed on the request. They were initially told not to discuss the matter with other judges in their districts.

In recent weeks, judges of the Eastern District of New York have been taking corrective measures. On Friday, the chief judge of the district, Margo K. Brodie, issued an order prohibiting the uploading of sealed documents to PACER, the searchable public database for documents and court dockets. Ordinarily, sealed documents would be uploaded to the database, but behind a wall, in theory preventing people without the proper authority from seeing them. Now those sensitive documents will be uploaded to a separate drive, outside PACER.

A Justice Department spokesperson declined to comment.

Federal officials are scrambling to determine the patterns of the breach, assess the damage and address flaws in a sprawling, heavily used computer system long known to have serious vulnerabilities that could be exploited by foreign adversaries.

Last week, administrators with the U.S. court system publicly announced they were taking additional steps to protect the network, which includes the Case Management/Electronic Case Files system used to upload documents and PACER.

They did not address the origin of the attack, or what files had been compromised. The breach also included federal courts in South Dakota, Missouri, Iowa, Minnesota and Arkansas, said an official who requested anonymity to discuss a continuing investigation.

“Sensitive documents can be targets of interest to a range of threat actors,” the authors of last week’s notice wrote. “To better protect them, courts have been implementing more rigorous procedures to restrict access to sensitive documents under carefully controlled and monitored circumstances.”

Concerns about the hacking of the courts’ electronic filing system predate this summer. The courts announced in January 2021 that there had been a cyberattack but did not name Russia.

Former federal law enforcement officials said Russia was behind that hacking. It was not clear if other countries also exploited vulnerabilities in the system, but the former officials described the breach as extremely serious.

After the announcement in 2021, federal investigators were told to take significant precautions to mitigate the intrusion. That meant hand-delivering search warrants with potential source information to the courts and filing sensitive complaints or indictments by hand — at least in some districts, particularly in the Southern District of New York, where prosecutors were encouraged to file documents on paper.

Former Justice Department officials said their efforts to keep filings secret, while an improvement, did not entirely mitigate the risk given the vast scale of the system and complexity of the cases.

The courts had already begun taking defensive measures by the spring of last year, according to two court officials. Judges were barred from gaining access to internal court filing systems while traveling overseas, and were sometimes given burner phones and new email addresses to communicate with their own chambers and court clerks. And in May, the Administrative Office of the U.S. Courts announced that it would institute multifactor authentication to gain access to the system.

Matthew Olsen, then the director of the Justice Department’s national security division, later testified that he was working with court officials to address cybersecurity issues in the courts — but downplayed the effect on cases his unit was investigating.