The US cybersecurity agency CISA has acknowledged that Russian government-backed hackers have stolen emails from multiple US federal agencies as a result of an ongoing cyberattack at Microsoft.
The U.S. cyber agency said in a statement Thursday that the cyberattack, first disclosed by Microsoft in January, allowed hackers to “successfully compromise Microsoft corporate email accounts” and steal federal government emails.
The hacking group, which Microsoft calls “Midnight Blizzard” (also known as APT29), is widely believed to be working for Russia's Foreign Intelligence Service (SVR).
“Midnight Blizzard's compromise of Microsoft corporate email accounts and the leaking of communications between government agencies and Microsoft poses a significant and unacceptable risk to government agencies,” CISA said.
The federal cyber agency said it issued a new emergency directive on April 2 ordering civilian government agencies to take measures to protect their email accounts, based on new information that the Russian hackers are increasing their intrusions. CISA released details of the emergency directive on Thursday after giving affected federal agencies one week to reset passwords and secure affected systems.
CISA did not name the federal agencies affected by the stolen emails, and a CISA spokesperson did not immediately comment to TechCrunch.
News of the emergency order was first reported by CyberScoop last week.
The emergency directive comes as Microsoft faces increased scrutiny over its security practices following a spate of intrusions by hackers from hostile countries. The US government relies heavily on the software giant for hosting government email accounts.
Microsoft went public in April after identifying that a group of Russian hackers had infiltrated some of its corporate email systems, including the email accounts of “senior leadership teams and employees in our cybersecurity, legal, and other departments.” Microsoft said the Russian hackers were seeking information about what Microsoft and its security team know about the hackers themselves. Later, the tech giant announced that the hackers had also targeted organizations other than Microsoft.
It is now known that some of the affected organizations included US government agencies.
By March, Microsoft said that it was continuing its efforts to remove the Russian hackers from its systems in what it described as a “sustained attack.” The company said in a blog post that the hackers were attempting to use the “secrets” they initially stole to gain access to other systems within Microsoft and steal additional data, including source code.
Microsoft did not immediately comment when asked by TechCrunch on Thursday what progress it has made in remediating the attacks since March.
Earlier this month, the U.S. Cyber Safety Review Board (CSRB) concluded its investigation into a breach of U.S. government emails in early 2023 that was attributed to Chinese state-backed hackers. The CSRB, an independent body that includes government representatives and private sector cyber experts, blamed a “series of security failures at Microsoft.” These failures allowed the Chinese-backed hackers to steal a sensitive email key that gave them widespread access to both consumer and government emails.
In February, the U.S. Department of Defense notified 20,000 people that a cloud email server hosted by Microsoft was left without a password for several weeks in 2023, exposing their personal information to the internet.