
US says Russian hackers stole federal government emails during Microsoft cyber attack

U.S. cybersecurity agency CISA has confirmed that Russian government-backed hackers stole emails from multiple U.S. federal agencies as a result of an ongoing cyberattack on Microsoft.

The cyberattack, which Microsoft originally disclosed in January, allowed hackers to steal federal government emails “through a successful compromise of a Microsoft corporate email account,” the U.S. cyber agency said in a statement released Thursday.

The hackers, dubbed “Midnight Blizzard” by Microsoft and also known as APT29, are widely believed to work for Russia’s Foreign Intelligence Service (SVR).

“Midnight Blizzard successfully compromised Microsoft corporate email accounts and compromised communications between agencies and Microsoft, posing a serious and unacceptable risk to agencies,” CISA said.

The federal cyber agency said it issued a new emergency directive on April 2 ordering civilian government agencies to take action to protect the security of their email accounts, based on new information that Russian hackers have stepped up their intrusions. CISA made public the details of the emergency directive Thursday after giving affected federal agencies a week to reset passwords and secure affected systems.

CISA did not name the affected federal agencies whose emails were stolen, and a CISA spokesperson had no immediate comment when reached by TechCrunch.

Cyberscoop first reported news of the emergency directive last week.

The emergency directive comes as Microsoft faces increasing scrutiny of its security practices after a spate of intrusions by hackers from hostile nations. The U.S. government relies heavily on the software giant to host government email accounts.

Microsoft disclosed the breach in January after confirming that a Russian hacking group had broken into a number of corporate email systems, including the email accounts of “senior leadership teams and employees across our cybersecurity, legal and other functions.” Microsoft said the Russian hackers were seeking information about what Microsoft and its security team knew about the hackers themselves. Later, the tech giant said the hackers also targeted other organizations besides Microsoft.

It is now known that some of the affected organizations include U.S. government agencies.

By March, Microsoft said it was continuing efforts to expel Russian hackers from its systems in what the company called an “ongoing attack.” The hackers attempted to use the “secrets” they initially stole to access other internal Microsoft systems and steal more data, such as source code, the company said in a blog post.

Microsoft had no immediate comment Thursday when asked by TechCrunch what progress the company had made in remediating the attack since March.

Earlier this month, the U.S. Cybersecurity Review Board concluded its investigation into an earlier 2023 breach of U.S. government emails caused by Chinese government-backed hackers. The CSRB, an independent body made up of government representatives and private sector cyber experts, blamed “a series of security failures at Microsoft.” These allowed China-backed hackers to steal sensitive email keys, giving them broad access to consumer and government email.

In February, the U.S. Department of Defense notified 20,000 people that their personal information was exposed on the Internet because a cloud email server hosted by Microsoft did not have a password for several weeks in 2023.
