According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), emails from multiple U.S. government agencies were stolen by Russian state-backed hackers as part of an ongoing cyberattack on Microsoft.
The U.S. cyber agency said in a statement released on Thursday that the incident, which Microsoft first made public in January, gave the hackers access to federal government communications “through a successful compromise of Microsoft corporate email accounts.”
The hackers, who go by the name APT29 and whom Microsoft refers to as “Midnight Blizzard,” are generally thought to be employed by Russia’s Foreign Intelligence Service, or SVR.
“A serious and intolerable risk to agencies is posed by Midnight Blizzard’s successful infiltration of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft,” the CISA stated.
Based on fresh evidence that Russian hackers were stepping up their attacks, the federal cyber agency said it issued a new emergency directive on April 2 directing civilian government agencies to take steps to secure their email accounts. On Thursday, CISA released the emergency directive’s contents, giving the government agencies involved a week to secure the compromised systems and change their passwords.
When TechCrunch contacted a CISA representative, they did not immediately respond. CISA did not identify the federal departments whose emails were compromised.
Cyberscoop first reported on the emergency directive last week.
The emergency directive comes as Microsoft’s security practices face closer scrutiny following a wave of hacks by hostile nation-state hackers. The U.S. government relies heavily on the software giant to host official email accounts.
After discovering that the Russian hacker organization had compromised several company email systems, including the email accounts of “senior leadership team and employees in our cybersecurity, legal, and other functions,” Microsoft made the announcement public in January. According to Microsoft, the Russian hackers were looking for information regarding what Microsoft’s security teams and Microsoft itself knew about the hackers. The IT behemoth then claimed that the hackers had not only targeted Microsoft but other companies as well.
It has now emerged that U.S. government entities were among the affected organizations.
Microsoft declared in March that it was still working to remove the Russian hackers from its networks, referring to the operation as an “ongoing attack.” The company stated in a blog post that the hackers were trying to gain access to further internal Microsoft systems and steal more data, including source code, by using the “secrets” they had originally taken.
When TechCrunch questioned Microsoft on Thursday about the steps the firm has taken to address the assault since March, the company did not respond right away.
Earlier this month, the U.S. Cyber Safety Review Board (CSRB) wrapped up its investigation into a separate 2023 breach of U.S. government emails that was attributed to hackers backed by the Chinese government. The CSRB, an independent panel of government representatives and private sector cyber experts, placed the blame on a “cascade of security failures at Microsoft.” These failures allowed the China-backed hackers to steal a private email key that gave them broad access to both official and private emails.
In February, the U.S. Department of Defense notified twenty thousand people that their personal information had been exposed online after a cloud email server hosted by Microsoft was left unsecured for many weeks in 2023.