The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers backed by the Russian government stole emails from multiple federal agencies. The theft stems from an ongoing cyberattack on Microsoft.
CISA's statement on Thursday concerns the attack Microsoft first disclosed in January, in which the hackers compromised Microsoft corporate email accounts and, through them, obtained correspondence belonging to the federal government.
The hackers, tracked as "Midnight Blizzard" or APT29, are widely believed to work for Russia's Foreign Intelligence Service, the SVR.
“The successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” CISA stated.
CISA issued a new emergency directive on April 2 requiring civilian government agencies to take immediate action to secure their email accounts, citing new information that the Russian hackers were stepping up their intrusions. CISA published the directive on Thursday after giving affected federal agencies a week to reset passwords and secure their systems.
CISA did not disclose the federal agencies affected by the stolen emails. Eltrys attempted to contact a CISA spokesperson for comment but received no immediate response.
Cyberscoop first reported the emergency directive last week.
The emergency directive comes as Microsoft faces heightened scrutiny of its security practices following recent cyberattacks by adversarial nations. The U.S. government relies heavily on the software giant to host government email accounts.
Microsoft went public in January after discovering that the Russian hacking group had gained unauthorized access to some of its corporate email accounts, including those of senior staff in its cybersecurity, legal, and other departments. Microsoft said the hackers were looking for information about what Microsoft and its security teams knew of the group's own activities. The company also said the hackers had targeted other organizations beyond Microsoft.
Government agencies in the United States were among the organizations affected by this incident.
In March, Microsoft said it was still working to evict the Russian hackers from its systems, describing the intrusion as an ongoing attack. In a blog post, the company said the hackers were using "secrets" found in the stolen emails to try to gain access to additional internal Microsoft systems and exfiltrate more data, including source code.
When Eltrys reached out to Microsoft on Thursday to inquire about the progress in resolving the attack since March, the company did not provide an immediate comment.
Separately, the U.S. Cyber Safety Review Board (CSRB) recently concluded its investigation into a breach of U.S. government emails last year by hackers linked to the Chinese government. The CSRB, a panel of government representatives and private-sector cybersecurity professionals, held Microsoft responsible for a cascade of security failures that let the hackers steal a highly sensitive email signing key, which gave them broad access to both consumer and government email accounts.
In another incident in 2023, a Microsoft-hosted cloud email server was left without a password for several weeks, exposing 20,000 people's personal information to the internet.