US cybersecurity agency CISA has confirmed that Russian government-backed hackers have stolen emails from several US federal agencies following an ongoing cyberattack against Microsoft.
In a statement released Thursday, the U.S. cybersecurity agency said the cyberattack, initially disclosed by Microsoft in January, allowed hackers to steal federal government emails “through a successful compromise of corporate email accounts of Microsoft”.
The hackers, which Microsoft calls “Midnight Blizzard,” also known as APT29, are widely believed to be working for Russia’s Foreign Intelligence Service, or SVR.
“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and exfiltration of correspondence between agencies and Microsoft poses a serious and unacceptable risk to agencies,” CISA said.
The federal cybersecurity agency said it issued a new emergency directive on April 2 ordering civilian government agencies to take steps to secure their email accounts, based on new information that Russian hackers were stepping up their intrusions . CISA made details of the emergency directive public Thursday after giving affected federal agencies a week to reset passwords and secure affected systems.
CISA did not name the affected federal agencies that had emails stolen, and a CISA spokesperson did not immediately comment when contacted by TechCrunch.
News of the emergency directive was first reported by Cyberscoop last week.
The emergency directive comes as Microsoft faces increasing scrutiny of its security practices after a wave of intrusions by hackers from adversary countries. The US government relies heavily on the software giant to host government email accounts.
Microsoft went public in January after identifying that the Russian hacking group had broken into some corporate email systems, including the email accounts of “the leadership team and employees across our cybersecurity functions , legal and others. Microsoft said the Russian hackers were seeking information about what Microsoft and its security teams knew about the hackers themselves. Later, the tech giant said the hackers had also targeted other organizations outside of Microsoft.
It is now known that some of the organizations involved included US government agencies.
In March, Microsoft said it was continuing its efforts to expel Russian hackers from its systems, in what the company described as an “ongoing attack.” In a blog post, the company said the hackers were attempting to use “secrets” they initially stole in order to access other internal Microsoft systems and exfiltrate more data, such as source code.
Microsoft did not immediately comment when asked by TechCrunch on Thursday what progress the company has made in remediating the attack since March.
Earlier this month, the U.S. Cyber Safety Review Board concluded its investigation into a 2023 breach of U.S. government emails attributed to Chinese government-backed hackers. The CSRB, an independent body that includes government officials and private sector cybersecurity experts, blamed a “cascade of security breaches at Microsoft.” These allowed Chinese-backed hackers to steal a sensitive email key that allowed broad access to consumer and government emails.
In February, the US Department of Defense notified 20,000 people that their personal information had been exposed on the internet after a cloud email server hosted by Microsoft was left without a password for several weeks in 2023.
techcrunch
