According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), hackers backed by the Russian government stole emails from multiple U.S. government agencies as a result of an ongoing cyberattack on Microsoft.
The U.S. cyber agency said in a statement released on Thursday that the incident, which Microsoft first made public in January, gave the hackers access to federal government communications “through a successful compromise of Microsoft corporate email accounts.”
The hackers, tracked as APT29 and referred to by Microsoft as “Midnight Blizzard,” are widely believed to work for Russia’s Foreign Intelligence Service, the SVR.
“A serious and intolerable risk to agencies is posed by Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft,” CISA stated.
Citing fresh evidence that the Russian hackers were stepping up their attacks, the federal cyber agency said it issued a new emergency directive on April 2 ordering civilian government agencies to take steps to secure their email accounts. On Thursday, CISA published the contents of the emergency directive, which gives the affected agencies a week to secure the compromised systems and change their passwords.
A CISA representative did not immediately respond when contacted by TechCrunch. CISA did not identify the federal departments whose emails were compromised.
News of the emergency directive was first reported by Cyberscoop last week.
The emergency directive comes as Microsoft’s security practices face closer scrutiny following a wave of hacks by hostile nation-state hackers. The U.S. government relies heavily on the software giant to host official email accounts.
Microsoft disclosed the breach in January after discovering that the Russian hacking group had compromised several company email systems, including the email accounts of its “senior leadership team and employees in our cybersecurity, legal, and other functions.” According to Microsoft, the Russian hackers were looking for information about what Microsoft and its security teams knew about the hackers themselves. Microsoft later said that the hackers had targeted not only Microsoft but other companies as well.
It has now emerged that U.S. government entities were among the affected organisations.
By March, Microsoft said it was continuing its efforts to expel the Russian hackers from its systems in what the company described as an “ongoing attack.” In a blog post, the company said the hackers were attempting to use “secrets” they had initially stolen in order to access other internal Microsoft systems and exfiltrate more data, such as source code.
Microsoft did not immediately respond when TechCrunch asked on Thursday what steps the company has taken to address the attack since March.
Earlier this month, the U.S. Cyber Safety Review Board (CSRB) concluded its investigation into a separate 2023 breach of U.S. government emails attributed to hackers backed by the Chinese government. The CSRB, an independent panel of government officials and private-sector cyber specialists, blamed a “cascade of security failures at Microsoft” that allowed the China-backed hackers to steal a private email key granting them broad access to both official and private emails.
In February, the U.S. Department of Defence notified 20,000 people that their personal data had been exposed online after a Microsoft-hosted cloud email server was left accessible without a password for several weeks in 2023.