New allegations indicate Kremlin-linked hackers may be partly responsible for a breach of the US federal court filing systems, with investigators probing a possible years-long compromise that accessed sealed and sensitive criminal case records across multiple jurisdictions. The judiciary is moving high-risk files offline and tightening access while the Department of Justice works to determine when the intrusion began and who exactly is behind it.
What Investigators Say About Attribution And Scope
People briefed on the August 7 attack said hackers broke into the federal judiciary’s electronic case filing system and searched criminal case files in at least eight districts, including New York City. Some of the cases involved individuals with Russian and Eastern European surnames.
“Investigators have uncovered evidence that Russia is at least partly responsible for a recent hack of the computer system that manages federal court documents.”
The breach is believed to have exposed highly sensitive records, including information that could reveal sources and people charged with national security crimes. Some sealed filings were among the compromised data.
Timeline And Method Remain Under Review
The Department of Justice has not confirmed when the courts’ management system was first compromised. Sources previously indicated the intrusion occurred on or around July 4, but officials also described it as a “years-long effort to infiltrate the system,” with the threat actors labeled “persistent and sophisticated.”
Attribution to a specific Russian service has not been established. Investigators have considered whether units within the FSB, SVR, or GRU—linked publicly to APT29/Cozy Bear, APT28/Fancy Bear, APT44/Sandworm, and Star Blizzard—played a role. It is also unknown whether any other nation-state actors were involved.
Sensitive Systems Affected And Immediate Safeguards
The Case Management/Electronic Case Files (CM/ECF) system, used by legal professionals to upload and manage filings, and the related Public Access to Court Electronic Records (PACER) service are at the center of the response. Officials are urgently removing the most sensitive documents from connected systems and restricting access.
“These sensitive documents can be targets of interest to a range of threat actors,” the US Courts said in a statement on August 7.
Judges in the Eastern District of New York ordered certain case files to be transferred to a separate, isolated drive. Courts nationwide are applying tighter procedures to limit who can view sensitive filings and under what conditions.
“To better protect them, courts have been implementing more rigorous procedures to restrict access to sensitive documents under carefully controlled and monitored circumstances.”
Targeting Pattern And Jurisdictions Impacted
Early review indicates the intruders initially focused on criminal case documents with overseas ties. Searches reportedly included midlevel criminal matters in the New York City area and other jurisdictions. Officials have expressed concern that the breach could expose the identities of confidential informants in multiple federal districts.
Geopolitical Context Now In The Frame
The disclosure comes the same week a meeting is scheduled in Alaska between US President Donald Trump and Russian President Vladimir Putin, where discussion of a possible end to the war in Ukraine is expected. Earlier this month, separate reporting suggested Moscow was shifting attention from the US to the UK to improve ties with Washington; investigators have not confirmed any linkage between that shift and the court breach.