Phase 1

Some of the searches included midlevel criminal cases in the New York City area and several other jurisdictions, with some cases involving people with Russian and Eastern European surnames.

ncluding highly sensitive records with information that could reveal sources and people charged with national security crimes, according to several people briefed on the breach.

Some of the searches included midlevel criminal cases in the New York City area and several other jurisdictions, with some cases involving people with Russian and Eastern European surname

persistent and sophisticated cyber threat actors have recently compromised sealed records,

Documents related to criminal activity with an overseas tie, across at least eight district courts, were initially believed to have been targeted.

The hackers searched for “midlevel criminal cases in the New York City area and several other jurisdictions, with some cases involving people with Russian and Eastern European surnames,” per the article.

potentially accessing the identities of confidential informants, which are redacted and not publicly known, putting those people at risk of retaliation from the criminals they are helping authorities apprehend.

multiple nation-state and criminal hacking groups exfiltrated sealed case data from at least a dozen district courts since at least July.

That includes pilfering source code for the filing system from at least three federal district courts and vacuuming up sealed case data

“It was like taking candy from a baby for these guys,

In the Jan. 29 fatal crash between a U.S. Army Black Hawk helicopter and American Airlines passenger jet, which is still under investigation, one controller was handing both commercial airline and helicopter traffic at the busy airport.

The employees were fired “without cause nor based on performance or conduct,” Spero said, and the emails were “from an ‘exec order’ Microsoft email address” — not a government email address. A copy of the termination email that was provided to the AP shows the sending address “ASK_AHR_EXEC_Orders@usfaa.mail.outlook.com.”

He added, “When DOGE fired me, they turned off my computer and wiped all of my files without warning.”

laid-off employees also include staffers who worked for CISA’s Cyber Incident Response Team (CIRT), which is responsible for penetration testing and vulnerability management of networks belonging to U.S. federal government departments and agencies

This is by our count the third known round of job cuts to affect CISA employees since January 20. More than 130 CISA employees were cut by DOGE earlier in February,

two independent sources tell NPR

Luke Farritor, a 23-year-old former SpaceX intern, and Adam Ramada, a Miami-based venture capitalist, have had accounts on the computer systems for at least two weeks

these NNSA systems.

departed DOE in February

They were able to directly see Ramada and Farritor's names in the directories of the networks. The network directories are visible to thousands of employees involved in nuclear weapons work at facilities and laboratories throughout the U.S., but the networks themselves can only be accessed on specific terminals in secure rooms designated for the handling of classified information.

In February, CNN reported that DOGE employees, including Farritor, were seeking access to the secretive computer systems. At the time, Energy Secretary Chris Wright denied that they would be allowed on the networks.

first network, known as the NNSA Enterprise Secure Network, is used to transmit detailed "restricted data" about America's nuclear weapons designs and the special nuclear materials used in the weapons, among other things. The network is used to transfer this extremely sensitive technical information between the NNSA, the nation's nuclear weapons laboratories and the production facilities that store, maintain and upgrade the nation's nuclear arsenal.

Secret Internet Protocol Router Network (SIPRNet), is used by the Department of Defense to communicate with the Department of Energy about nuclear weapons. SIPRNet is also used more broadly for sharing information classified at the secret level, information that "could potentially damage or harm national security if it were to get out," explained a former career civil servant at the Department of Defense

remains unclear just how much access to classified data the two DOGE staffers actually have.

DOGE officials on DOE's classified systems would represent an escalation in DOGE's recent privileges inside the agency, but those accounts would not give them carte blanche access to all files hosted on those systems.

Hans Kristensen, director of the Nuclear Information Project at the Federation of American Scientists, which tracks America's nuclear program.

In a second statement later Monday evening, the spokesperson clarified that the accounts had been created but said they were never used by the DOGE staffers. "DOE is able to confirm that these accounts in question were never activated and have never been accessed," the email statement read.

Although large portions of the nuclear weapons budget are ultimately unclassified, a lot of classified details likely go into setting those numbers. "I don't think any of that would be open," he says.