TLDR:
- CISA issued an emergency directive for federal agencies to take action against the Russia-backed cyberthreat actor Midnight Blizzard
- The directive requires agencies to analyze potentially affected emails and reset compromised credentials

CISA has released an emergency directive requiring federal agencies to take immediate action against the Russia-backed cyberthreat actor Midnight Blizzard. The directive, issued on April 2, calls for agencies to analyze the content of potentially affected emails and reset any compromised credentials in order to mitigate the risks posed by the threat actor. According to CISA, Midnight Blizzard has exfiltrated email correspondence between federal civilian executive branch agencies and Microsoft through a compromise of Microsoft corporate email accounts.
The directive also calls for additional measures to ensure that authentication platforms for privileged Microsoft Azure accounts are secure. CISA Director Jen Easterly emphasized the importance of immediate action in reducing the risk to federal systems, stating that malicious cyber activity from Russia has been a longstanding concern for the U.S. government. Easterly, a 2024 Wash100 awardee, highlighted the need for collaboration with federal government and private sector partners to defend against such threats.
CISA and Microsoft have informed affected federal agencies of the compromise, and the National Security Agency issued a joint advisory detailing tactics used by Russian cyber actors.