CISA Issues Emergency Order On Microsoft Breach By Russian Hackers

Affected bodies must take immediate action, agency says


The U.S. Cybersecurity & Infrastructure Security Agency (CISA) published its recently issued emergency directive on Thursday, which confirmed that a Russian state-sponsored hacker group was able to steal emails from federal agencies in connection with the breach of Microsoft executive accounts.

The threat actor, known as Midnight Blizzard, has been associated with Russia's SVR foreign intelligence unit by the US government.

Through the compromise of Microsoft corporate email accounts, Midnight Blizzard has "exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft," CISA said in the emergency directive.

"The threat actor is using information initially exfiltrated from the corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to Microsoft customer systems," CISA said in the directive.

The emergency directive orders federal agencies to "immediately mitigate" the "significant risk" posed by the threat actor, including through analyzing the content of stolen emails and resetting credentials.
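One way an affected organisation could carry out the two actions the directive names, reviewing the content of the exposed correspondence and resetting any credentials it contained, is a triage scan over exported mail that flags authentication material and turns the hits into a reset list. The Python below is an added example written for this page; it is not CISA's or Microsoft's tooling. The regex heuristics, the `agency.example` / `vendor.example` addresses and the three sample messages are constructed for illustration.

```python
"""Triage exported email for authentication material that must be rotated.

Added illustration for this page (not CISA's or Microsoft's tooling).
The patterns and the sample messages are constructed, not real data.
"""
import re
from email import message_from_string

# Heuristic patterns for credentials that people paste into mail bodies
# (assumed, illustrative; tune to the secret formats your environment uses).
SECRET_PATTERNS = {
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+([A-Za-z0-9\-_.=]{20,})"),
    "client_secret_or_api_key": re.compile(
        r"(?i)\b(?:client[_ ]secret|api[_ ]key)\s*[:=]\s*([A-Za-z0-9\-_~.]{16,})"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed sample messages in RFC 822 text form, not real correspondence.
SAMPLE_MESSAGES = [
    "From: admin@agency.example\nTo: support@vendor.example\n"
    "Subject: Service account rotation\n\n"
    "Hi, the sync account was updated:\nusername: svc-sync\n"
    "password: CorrectHorseBatteryStaple1\nThanks\n",
    "From: pm@agency.example\nTo: support@vendor.example\n"
    "Subject: Meeting notes\n\nNotes from today's call are attached.\n",
    "From: ops@agency.example\nTo: support@vendor.example\n"
    "Subject: Integration troubleshooting\n\n"
    "Repro: curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c3ViamVjdA.ZmFrZXNpZw' ...\n"
    "api_key: Abc123Def456Ghi789Jkl\n",
]


def message_body(raw: str) -> str:
    """Return the text/plain content of a raw message (multipart-aware)."""
    msg = message_from_string(raw)
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(chunks)


def scan_mailbox(raw_messages):
    """Scan each message body; return findings with the secret value redacted."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        body = message_body(raw)
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(body):
                secret = m.group(1) if m.groups() else m.group(0)
                findings.append({
                    "sender": msg["From"],
                    "subject": msg["Subject"],
                    "kind": kind,
                    "hint": secret[:4] + "...",  # never write the full secret to a report
                })
    return findings


def reset_plan(findings):
    """Collapse findings into sorted (sender, kind) pairs that need a credential reset.

    The sender is the account that disclosed the secret and is the first person
    to ask which system it belongs to; the real owner may differ.
    """
    return sorted({(f["sender"], f["kind"]) for f in findings})


if __name__ == "__main__":
    hits = scan_mailbox(SAMPLE_MESSAGES)
    for f in hits:
        print(f"{f['kind']:<26} from {f['sender']:<22} "
              f"subject={f['subject']!r} hint={f['hint']}")
    print("Reset plan:", reset_plan(hits))
```

Run it against an export of the affected mailboxes instead of `SAMPLE_MESSAGES` and the reset plan becomes the work queue for the credential rotation the directive requires; the report carries only a four-character hint so the scan output itself does not become a second copy of the secrets.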

The breach was first disclosed by Microsoft in January and is believed to have begun in November. The compromise was initially believed to have affected members of the tech giant's senior leadership team as well as employees on its cybersecurity and legal teams.

In an update on the incident in early March, Microsoft disclosed that Midnight Blizzard had been observed continuing to seek to exploit information gathered in the attack. The threat group has previously been held responsible for attacks including the widely felt 2020 breach of SolarWinds.

'Immediate Action'

The emergency directive is dated 2nd April and was previously confirmed by Microsoft in a statement to CRN. The existence of the directive was first reported by Scoop News Group.

The directive "requires immediate action by agencies to reduce risk to our federal systems," CISA director Jen Easterly said in a news release.

"For several years, the US government has documented malicious cyber activity as a standard part of the Russian playbook," Easterly said. "This latest compromise of Microsoft adds to their long list."

The directive follows the recent blistering report about Microsoft's security culture and practices issued by the US Homeland Security-appointed Cyber Safety Review Board.

Earlier this month, the board released a 34-page report on last year's Microsoft Exchange Online breach, which was linked to China and impacted multiple federal agencies and officials including Commerce Secretary Gina Raimondo. The review board pinned the cloud email breach on a "cascade of Microsoft's avoidable errors."

In the Midnight Blizzard attack, meanwhile, Microsoft confirmed in late January that hackers initially gained access by exploiting a lack of multifactor authentication on a "legacy" account.

This article first appeared on CRN
