The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that Russian government-supported hackers, identified as “Midnight Blizzard” or APT29, have stolen emails from multiple U.S. federal agencies.
This breach is part of an ongoing cyberattack against Microsoft, initially disclosed by the company in January. CISA has revealed that the breach resulted from the successful compromise of Microsoft’s corporate email accounts, which led to the unauthorized access and exfiltration of federal government emails. The incident has raised serious concerns about national security and about the effectiveness of cybersecurity measures within federal agencies.
Who Are the “Midnight Blizzard” Hackers?
Microsoft has identified “Midnight Blizzard” as a hacking group operating under the Russian Foreign Intelligence Service, or SVR. The attack’s sophistication and targeting of critical communication channels underscore the significant cybersecurity threats posed by state-sponsored entities.
In response to the breach, CISA issued an emergency directive on April 2nd requiring civilian government agencies to bolster the security of their email accounts. The directive, made public on Thursday, includes measures such as password resets and system security enhancements, and is based on new intelligence about the hackers’ increased activity.
How Is CISA Addressing the Email Security Breach?
The specific federal agencies affected by the email theft have not been disclosed by CISA, and further comments from the agency’s spokesperson were not immediately available.
The breach comes as Microsoft faces increased scrutiny over its security practices following a series of intrusions attributed to foreign hackers. The U.S. government’s reliance on Microsoft for email hosting has brought to light the vulnerabilities and risks that such dependencies create.
Microsoft’s disclosure in January about the breach revealed that the hackers targeted corporate email accounts, including those of senior leadership and employees in key departments like cybersecurity and legal. The hackers’ objective appeared to be gathering intelligence on Microsoft’s awareness and defense strategies against cyber threats. The breach has since been recognized as part of a broader campaign by “Midnight Blizzard,” targeting not only Microsoft but also other organizations, including U.S. government agencies.
Microsoft’s Efforts to Counter the Cyberattack
As of March, Microsoft was still working to evict the Russian hackers from its systems, describing the situation as an “ongoing attack.” The company reported that the attackers were using stolen information to push further into Microsoft’s internal systems and extract additional data, such as source code. Microsoft has not publicly updated its progress in mitigating the breach and securing its systems against further intrusions since then.
This incident follows another cybersecurity investigation by the U.S. Cyber Safety Review Board (CSRB) into a breach of U.S. government emails earlier in 2023, attributed to Chinese government-backed hackers. The CSRB’s findings pointed to significant security lapses at Microsoft that facilitated unauthorized access to a wide range of email accounts.
Moreover, a separate incident in February highlighted additional vulnerabilities when the Department of Defense announced the exposure of personal information of 20,000 individuals due to a misconfigured Microsoft-hosted cloud email server.