TLDR:
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive confirming that a Russian state-sponsored hacker group known as Midnight Blizzard stole emails from federal agencies through the compromise of Microsoft executive accounts.
- The directive orders federal agencies to take immediate action to mitigate the significant risk posed by the threat actor, which includes analyzing the content of stolen emails and resetting credentials.
In a recently issued emergency directive, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a Russian state-sponsored hacker group, Midnight Blizzard, was able to steal emails from federal agencies by compromising Microsoft’s corporate email system. This threat actor has been associated with Russia’s SVR foreign intelligence unit. Through the breach of Microsoft executive accounts, Midnight Blizzard exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft.
The directive orders federal agencies to take immediate action to mitigate the risk posed by the threat actor. This includes analyzing the content of the stolen emails and resetting any credentials they may have exposed. The breach, which Microsoft first disclosed in January, is believed to have begun in November and initially affected senior leadership and cybersecurity teams within the tech giant. Midnight Blizzard has since been observed attempting to exploit information gathered in the attack; the same group was responsible for the 2020 SolarWinds breach.
The emergency directive, issued on April 2, follows a scathing report on Microsoft’s security practices by the Cyber Safety Review Board, a body appointed by the U.S. Department of Homeland Security. The board’s report on last year’s Microsoft Exchange Online breach, which was linked to China, highlighted a series of avoidable errors by Microsoft that led to that breach.