Russia-Linked Cyberattack Exposes Critical Vulnerabilities in Federal Court Systems


Bottom Line Up Front: Russian government hackers have breached the U.S. federal judiciary's core electronic filing systems, potentially exposing confidential informant identities, sealed case documents, and sensitive law enforcement information across multiple states. This sophisticated attack highlights decades of cybersecurity neglect in critical judicial infrastructure.

The Breach: What Happened

The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times. Citing anonymous sources, the newspaper said Russia "is at least in part responsible" for the cyberattack, without saying what part of the Russian government is behind the hack. The hackers searched for "midlevel criminal cases in the New York City area and several other jurisdictions, with some cases involving people with Russian and Eastern European surnames," per the article.

The breach began quietly in late June 2025, targeting CM/ECF (Case Management/Electronic Case Files) and PACER (Public Access to Court Electronic Records), the core systems that store virtually every federal case file in the United States. The intrusion went undetected until around July 4th, when irregular activity was flagged. By then, attackers had already accessed multiple federal judicial districts. In at least one, the attack went beyond data theft. In that instance, at least a dozen official court dockets were altered.

Systems Compromised

The attack targeted two interconnected systems that form the backbone of federal court operations:

CM/ECF (Case Management/Electronic Case Files): the federal Judiciary's system for filing case documents, such as pleadings, motions, and petitions, with a court electronically. Legal professionals, trustees, and court officials use it to manage virtually all federal case documents.

PACER (Public Access to Court Electronic Records): the system that gives the public limited access to the same data. While most documents are publicly accessible for a fee, the system also handles sealed and sensitive materials behind access controls.

CM/ECF currently contains, in aggregate, more than one billion retrievable documents spread among the 13 courts of appeals, 94 district courts, 90 bankruptcy courts, and other specialized tribunals.


Scope and Impact

Geographic Reach

The breach also included federal courts in South Dakota, Missouri, Iowa, Minnesota and Arkansas, said an official who requested anonymity to discuss a continuing investigation. Chief judges from the federal courts in the 8th Circuit were briefed on the hack during last week's judicial conference in Kansas City, according to two people cited in the Politico story.

Sensitive Information at Risk

The most concerning aspect involves confidential informants and sealed case materials. Last week, Politico reported that hackers had broken into the federal judiciary's electronic case filing system, potentially accessing the identities of confidential informants, which are redacted and not publicly known, putting those people at risk of retaliation from the criminals they are helping authorities apprehend.

The majority of the documents filed with the US Federal Judiciary's electronic case management system are publicly available. However, some filings contain confidential and proprietary information that is sealed from the public. These sensitive documents can be targets of interest to a range of threat actors.

The Attribution: Russia's Role

Investigators have uncovered evidence that Russia is at least in part responsible for a recent hack of the computer system that manages U.S. federal court documents, the New York Times reported on Tuesday, citing several people briefed on the breach.

The targeting appears deliberate and focused: officials close to the investigation noted that the initial attacks targeted criminal case files with overseas connections across eight or more district courts. This pattern suggests intelligence gathering rather than opportunistic cybercrime.

Notably, President Trump downplayed the significance when asked about the breach. "Are you surprised?" Trump said during a press event at the Kennedy Center in Washington, D.C. "They hack in, that's what they do," he said of Russia. "They're good at it, we're good at it, we're actually better at it."

Legacy System Vulnerabilities

This breach underscores long-standing cybersecurity concerns about federal court infrastructure:

Aging Technology

According to a deep dive by Wired, the hack exploited legacy code in CM/ECF, a system dating back to the 1990s that lacks modern defenses against advanced persistent threats. CM/ECF was first implemented in 1996 in the Northern District of Ohio to handle a large number of asbestos cases.

Worked in the IT dept for the Delaware federal court in the early 2000s, when the courts were still in the process of installing, configuring, and customizing their CM/ECF and PACER systems. At that time, it was all hands on deck for scanning all the old hard copies to PDF and linking them to the correct case entries kept in the databases. Been an IT infrastructure engineer for two decades and found that most breaches occur because of the dependence on legacy systems and failure to keep systems updated in security.

Previous Warnings

The Senate Judiciary Committee has been briefed on the recent breach, which is related to weaknesses involved in the 2020 intrusion into the federal courts' electronic case systems during the SolarWinds attack, according to the person briefed on the matter.

Earlier this year, U.S. Circuit Judge Amy St. Eve told lawmakers that years of underinvestment had left the judiciary system's IT systems vulnerable. "Many of them are no longer up to date with modern development standards or security protocols, leaving them expensive to operate, difficult to maintain, and at regular risk of either operational failure or compromising security breaches," she said.

Government Response

Immediate Actions

A judicial branch agency tasked with supporting federal courts announced Thursday that the federal judiciary's electronic case filing system has faced escalating cyberattacks, prompting efforts to enhance security and protect sensitive documents.

In recent weeks, judges of the Eastern District of New York have been taking corrective measures. On Friday, the chief judge of the district, Margo K. Brodie, issued an order prohibiting the uploading of sealed documents to PACER, the searchable public database for documents and court dockets. Ordinarily, sealed documents would be uploaded to the database, but behind a wall, in theory preventing people without the proper authority from seeing them. Now those sensitive documents will be uploaded to a separate drive, outside PACER.


Congressional Briefings

The Senate and House Judiciary Committees, along with representatives from the House and Senate Appropriations Committees and the Senate Judiciary Subcommittee on Federal Courts, received a staff-level briefing on this matter on July 23 and have requested a classified follow-up briefing in September, according to a Senate Judiciary Committee spokesperson.

Funding Concerns

House Republicans have proposed allocating $74 million next fiscal year for the court system's multiyear cybersecurity modernization plan. "Judiciary is a high value target for cyber criminals," Conrad told lawmakers. "We do require ongoing resources to secure and modernize our systems."


Broader Implications

Pattern of Attacks

This incident represents an escalation in targeting U.S. judicial systems. By the late 2010s, the attacks grew more sophisticated. State-sponsored actors began probing CM/ECF, sometimes as part of larger breaches targeting federal agencies. The most notable came in 2020, when the judiciary acknowledged a "significant compromise" linked to the SolarWinds supply-chain attack.

National Security Concerns

The ability to access sealed court documents poses significant national security risks, particularly for ongoing investigations involving foreign actors, organized crime, and terrorism cases. The alteration of official court dockets represents an unprecedented escalation that threatens the integrity of the judicial record itself.
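Docket alteration is an integrity failure rather than a confidentiality one, and it is detectable if the docket is kept tamper-evident. The following is an added example (not code from the article, the courts, or CM/ECF) of a hash-chained docket ledger: every entry commits to the previous entry's hash, so an in-place edit, a deleted entry, or a wholesale re-chaining can be located. The case number, dates and docket text are constructed sample values; the `trusted_head` anchor stands in for a head hash published out of band (for instance in a daily notice), which a verifier must hold for the check to resist an attacker who can rewrite the whole chain.

```python
"""Tamper-evident docket ledger (added example, assumed design, not CM/ECF's own).

Each entry stores the SHA-256 of (previous entry hash || canonical JSON of
its own fields).  Verification replays the chain and reports the first
entry whose link does not hold.
"""
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64                                  # anchor for the first entry
FIELDS = ("seq", "case_no", "filed", "text", "sealed")  # fields committed to


def entry_hash(entry: dict, prev_hash: str) -> str:
    # Canonical JSON (sorted keys, no whitespace variation) so the same logical
    # entry always hashes identically, regardless of how it was stored.
    payload = json.dumps({k: entry[k] for k in FIELDS},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + payload).encode()).hexdigest()


def append_entry(ledger: List[dict], **fields) -> dict:
    """Append a docket entry, numbering it and linking it to the current head."""
    prev = ledger[-1]["entry_hash"] if ledger else GENESIS
    entry = dict(fields)
    entry["seq"] = len(ledger) + 1
    entry["prev_hash"] = prev
    entry["entry_hash"] = entry_hash(entry, prev)
    ledger.append(entry)
    return entry


def verify_ledger(ledger: List[dict],
                  trusted_head: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Return (ok, first_bad_seq).  Recomputes every link from GENESIS.

    If trusted_head is given, the recomputed head must also equal it; this is
    what catches a chain that was rewritten consistently from scratch.
    """
    prev = GENESIS
    for expected_seq, entry in enumerate(ledger, start=1):
        # Deleted or reordered entries show up as a sequence/prev_hash mismatch.
        if entry["seq"] != expected_seq or entry["prev_hash"] != prev:
            return False, expected_seq
        # Edited fields show up as a hash mismatch on the entry itself.
        if entry_hash(entry, prev) != entry["entry_hash"]:
            return False, expected_seq
        prev = entry["entry_hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, len(ledger)   # self-consistent, but not the chain we anchored
    return True, None


def build_sample_ledger(sealed_text: str = "SEALED motion by USA re: cooperating witness.") -> List[dict]:
    """Three constructed docket entries for a fictitious case (sample data)."""
    ledger: List[dict] = []
    append_entry(ledger, case_no="1:25-cr-00123", filed="2025-06-02",
                 text="INDICTMENT filed.", sealed=False)
    append_entry(ledger, case_no="1:25-cr-00123", filed="2025-06-03",
                 text=sealed_text, sealed=True)
    append_entry(ledger, case_no="1:25-cr-00123", filed="2025-06-10",
                 text="ORDER setting arraignment.", sealed=False)
    return ledger


def demo_in_place_edit() -> Tuple[bool, Optional[int]]:
    """An attacker with write access rewrites entry 2 but not its hash: caught at 2."""
    ledger = build_sample_ledger()
    ledger[1]["text"] = "Motion withdrawn."
    return verify_ledger(ledger)


def demo_deletion() -> Tuple[bool, Optional[int]]:
    """Entry 2 is removed outright: the old entry 3 now sits where 2 should be."""
    ledger = build_sample_ledger()
    del ledger[1]
    return verify_ledger(ledger)


def demo_rechain() -> Tuple[Tuple[bool, Optional[int]], Tuple[bool, Optional[int]]]:
    """The whole chain is rebuilt with altered text.

    Without an out-of-band head hash the forgery verifies; with it, it fails.
    """
    genuine_head = build_sample_ledger()[-1]["entry_hash"]
    forged = build_sample_ledger(sealed_text="Motion withdrawn.")
    return verify_ledger(forged), verify_ledger(forged, trusted_head=genuine_head)


if __name__ == "__main__":
    print("clean ledger:", verify_ledger(build_sample_ledger()))
    print("in-place edit:", demo_in_place_edit())
    print("deletion:", demo_deletion())
    print("re-chain without / with trusted head:", demo_rechain())
```

The design choice worth noting is the last case: a hash chain alone only proves that the ledger is internally consistent. An adversary who has the write access this breach describes can rewrite and re-hash every entry, so the head hash has to be committed somewhere the same adversary cannot reach (a signed or published daily head, or an append-only store under separate administration) for the check to mean anything.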

Trust in the Justice System

The fallout extends beyond immediate data loss. Legal experts warn that exposed case files could undermine trials, with defense attorneys potentially challenging evidence integrity.

The Path Forward

Modernization Efforts

The Judiciary is in the process of modernizing its case management system. One of the first steps in the modernization plan is to replace the current version of the system known as PACER (Public Access to Court Electronic Records) with unified search functionality and other improvements aimed at making records searches easier, more intuitive and more user-friendly.

Cybersecurity Integration

Industry insiders, speaking anonymously, suggest integrating federal courts into the broader Cybersecurity and Infrastructure Security Agency (CISA) framework for real-time threat sharing.


Key Takeaways

  1. Critical Infrastructure Exposed: The breach demonstrates how decades of underinvestment in judicial IT infrastructure created vulnerabilities that sophisticated nation-state actors can exploit.
  2. Intelligence Operations: The targeted nature of the attack, focusing on cases with Russian and Eastern European connections, suggests this was an intelligence-gathering operation rather than opportunistic cybercrime.
  3. Systemic Risks: Beyond data theft, the ability to alter official court records represents a fundamental threat to the integrity of the U.S. legal system.
  4. Urgent Modernization Needed: This incident underscores the critical need for comprehensive cybersecurity upgrades across federal judicial systems, requiring significant investment and coordination with cybersecurity agencies.
  5. Ongoing Threat: As geopolitical tensions continue, judicial systems worldwide can expect increasingly sophisticated attacks targeting sensitive legal proceedings and confidential information.

The federal courts breach serves as a stark reminder that critical government infrastructure remains vulnerable to sophisticated adversaries, and that protecting the foundations of democratic institutions requires both technological modernization and sustained cybersecurity investment.

By Breached Company