Date of Incident:
August to October 2023
Overview:
The Supreme Court of the United States experienced a significant security breach in its electronic filing system between August and October 2023, disclosed in January 2026. The attacker gained unauthorized access and then leaked confidential filing details and victim names on Instagram. The intrusion maps to MITRE ATT&CK techniques for exploiting a public-facing application and using valid accounts, with SQL injection and session hijacking as the reported methods. Indicators of compromise included specific IP addresses and domain names. The incident shows how weak input validation and session handling in a public-facing web application turn directly into an authentication bypass, and why robust authentication controls are critical.
Impact:
Unauthorized access to the restricted electronic filing system; victims' names and filing system details were leaked on Instagram.
Details:
The breach involved unauthorized access to the Supreme Court Electronic Filing System, leveraging techniques mapped to MITRE ATT&CK T1190 (Exploit Public-Facing Application) and T1078 (Valid Accounts): the attacker first exploited a web application vulnerability, then operated under a legitimate user's authority. The observed behavior was consistent with SQL injection against the application's input handling (in general, an injected quote and comment marker in the username field is enough to drop the password check from a string-built query) and with session hijacking (reuse of an authenticated user's session token). IOCs include IP addresses linked to the attacker (e.g., 198.51.100.23), domain names used for command and control (e.g., malc2.supremecourt.attacker.net), and altered registry keys related to system backdoors. Note that 198.51.100.23 lies in the RFC 5737 TEST-NET-2 documentation range, so treat the listed values as illustrative placeholders rather than operational indicators to block on. Log artifacts captured include anomalous login timestamps, repeated failed login attempts followed by a successful session, and web error logs containing injection payload strings. Payload analysis revealed data exfiltration scripts employing base64 encoding and multi-stage tunneling methods.
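To make the authentication-bypass mechanism concrete, here is an added example (not code from this page or from the court's filing system) showing a string-built login query beside its parameterized replacement. The user table, account names and passwords are constructed for the demonstration, and SHA-256 stands in for a real password KDF only to keep the block short.

```python
import hashlib
import sqlite3

# Added example, not code from the page or from the court's filing system.
# A constructed in-memory user table stands in for the real application.

def _hash(pw: str) -> str:
    # SHA-256 stands in for a proper password KDF only to keep the example short.
    return hashlib.sha256(pw.encode()).hexdigest()

def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", _hash("Tr0ub4dor&3")), (2, "clerk", _hash("correct horse"))])
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # VULNERABLE: the attacker-controlled username is spliced into the SQL text.
    # A username of  admin' --  closes the string literal and comments out the
    # password check, so the query returns the admin row without a password.
    query = (f"SELECT id FROM users WHERE username = '{username}' "
             f"AND password_hash = '{_hash(password)}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn, username, password):
    # HARDENED: bound parameters keep the username as data; the same payload is
    # now looked up literally as the string "admin' --" and matches no row.
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", login_vulnerable(db, "admin' --", "wrong"))  # 1: bypassed
    print("hardened:  ", login_safe(db, "admin' --", "wrong"))        # None
```

The payload works because the SQL text is assembled before the database sees it; once the username travels as a bound parameter, no quoting or comment syntax in it can change the statement's structure, which is why parameterized queries, not input filtering, are the fix for this class of bug.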
Remediation:
The vendor released patches for the authentication bypass and input validation errors in October 2023. Temporary mitigations include disabling remote electronic filing access, enforcing multi-factor authentication, and network segmentation to isolate critical systems. Recommended compensating controls are continuous monitoring of login behavior (in particular, bursts of failed logins from one source followed by a success) and an application-layer firewall that blocks SQL injection patterns. The firewall is a stopgap only: signature matching can be evaded, and the durable fix is parameterized queries and server-side validation in the application itself, together with rotating the session identifier at login and keeping session lifetimes short so that a hijacked token has limited value.
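As an added example (not the court's logs, the vendor's patch, or any product's detection rules), the following code turns the log artifacts listed under Details and the login-behavior monitoring recommended under Remediation into runnable checks over constructed web access log lines: a run of failed logins followed by a success from one IP, URL-decoded SQL injection shapes in request paths, and long base64 tokens that decode to readable text. The line format, the paths, the thresholds and the two RFC 5737 documentation addresses are assumptions of the example.

```python
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import quote, unquote_plus

# Added example, not the court's logs or any vendor tooling. The log lines are
# constructed; 198.51.100.23 and 203.0.113.7 are RFC 5737 documentation addresses.
# Assumed line format: ISO-8601 timestamp, client IP, method, path?query, HTTP status.
_BLOB = base64.b64encode(b"filing 41: sealed party J. Doe").decode()
SAMPLE_LOG = (
    "2023-09-14T02:13:05Z 198.51.100.23 POST /efiling/login?user=clerk 401\n"
    "2023-09-14T02:13:09Z 198.51.100.23 POST /efiling/login?user=clerk 401\n"
    "2023-09-14T02:13:14Z 198.51.100.23 POST /efiling/login?user=clerk 401\n"
    "2023-09-14T02:13:20Z 198.51.100.23 POST /efiling/login?user=clerk 401\n"
    "2023-09-14T02:13:31Z 198.51.100.23 POST /efiling/login?user=clerk%27+-- 200\n"
    "2023-09-14T02:14:02Z 198.51.100.23 GET /efiling/docket?id=41%27+UNION+SELECT+name%2Cfiling_id+FROM+users-- 500\n"
    f"2023-09-14T02:20:47Z 198.51.100.23 GET /efiling/export?d={quote(_BLOB)} 200\n"
    "2023-09-14T08:02:11Z 203.0.113.7 POST /efiling/login?user=jsmith 401\n"
    "2023-09-14T08:02:30Z 203.0.113.7 POST /efiling/login?user=jsmith 200\n"
    "2023-09-14T08:05:00Z 203.0.113.7 GET /efiling/docket?id=41 200\n"
)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
# A quote followed by a comment marker, a numeric tautology or UNION SELECT:
# the classic bypass and extraction shapes, checked after URL decoding.
SQLI_RE = re.compile(r"'\s*(?:--|or\s+\d+\s*=\s*\d+|union\s+(?:all\s+)?select)", re.I)
B64_RE = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")

def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, method, path, status = m.groups()
            events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                           "ip": ip, "method": method,
                           "path": unquote_plus(path), "status": int(status)})
    return events

def detect_sqli(events):
    # Matches on the decoded path so %27+-- is seen as the quote-comment pair it is.
    return [e for e in events if SQLI_RE.search(e["path"])]

def detect_bruteforce(events, threshold=3, window=timedelta(minutes=10),
                      login_path="/efiling/login"):
    # Flag an IP whose run of consecutive failed logins ends in a success within the window.
    alerts, runs = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if not e["path"].startswith(login_path):
            continue
        if e["status"] == 401:
            runs[e["ip"]].append(e["ts"])
        elif e["status"] == 200:
            fails = runs.pop(e["ip"], [])
            if len(fails) >= threshold and e["ts"] - fails[0] <= window:
                alerts.append((e["ip"], len(fails), e["ts"]))
    return alerts

def detect_base64_blobs(events):
    # Long base64 tokens that decode to printable text are a cheap tell for encoded exfiltration.
    hits = []
    for e in events:
        for token in B64_RE.findall(e["path"]):
            try:
                raw = base64.b64decode(token, validate=True)
            except ValueError:
                continue
            if raw.isascii() and raw.decode("ascii").isprintable():
                hits.append((e["ip"], raw.decode("ascii")))
    return hits

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("sqli:      ", [(e["ip"], e["path"]) for e in detect_sqli(ev)])
    print("bruteforce:", detect_bruteforce(ev))
    print("base64:    ", detect_base64_blobs(ev))
```

The three checks are deliberately independent: on the sample lines the same source trips all of them within a few minutes, which is the correlation an analyst would pivot on, while the legitimate user with a single mistyped password trips none. Tune the threshold and window to the application's real failure rate before relying on the brute-force rule, and treat the base64 heuristic as a triage aid rather than a verdict, since short or binary blobs will not decode to printable text.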
Takeaway for CISO:
The breach exposed sensitive judicial data and damaged trust in a critical government system. CISOs must prioritize securing public-facing government applications by integrating strict access controls, continuous monitoring, timely patching, and robust incident response. Regular red-team engagements and application penetration tests that specifically target injection and session-management flaws are essential to find such weaknesses before an attacker does.
