US federal agencies have reportedly been ordered to analyze emails, reset compromised credentials and work to secure Microsoft Corp cloud accounts amid concerns that a Russian nation-state hacking group may have accessed some correspondence.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on April 2, made public on Thursday, instructing agencies to analyze emails, reset compromised credentials, and tighten security protocols.
This directive stems from a January breach at Microsoft, allegedly perpetrated by the Russian state-sponsored group “Midnight Blizzard.” CISA believes Midnight Blizzard stole data from Microsoft, including email exchanges between the company and some US government agencies. These stolen emails pose a “grave and unacceptable risk” as per the CISA directive.
Though Microsoft and CISA have notified all potentially affected agencies, the exact number and names remain undisclosed. The directive sets an April 30th deadline for agencies to reset credentials and identify compromised emails.
This incident underscores a broader trend. In January, Microsoft warned organizations about a similar hacking campaign by another Russian group, “Cozy Bear.” Hewlett Packard Enterprise also reported a cloud-based email breach linked to Midnight Blizzard in the same month.
CISA official Eric Goldstein emphasized the persistent threat posed by such groups to public and private organizations, but the directive doesn’t specify if the hacking campaign is ongoing.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on April 2, made public on Thursday, instructing agencies to analyze emails, reset compromised credentials, and tighten security protocols.
This directive stems from a January breach at Microsoft, allegedly perpetrated by the Russian state-sponsored group “Midnight Blizzard.” CISA believes Midnight Blizzard stole data from Microsoft, including email exchanges between the company and some US government agencies. These stolen emails pose a “grave and unacceptable risk” as per the CISA directive.
Though Microsoft and CISA have notified all potentially affected agencies, the exact number and names remain undisclosed. The directive sets an April 30th deadline for agencies to reset credentials and identify compromised emails.
This incident underscores a broader trend. In January, Microsoft warned organizations about a similar hacking campaign by another Russian group, “Cozy Bear.” Hewlett Packard Enterprise also reported a cloud-based email breach linked to Midnight Blizzard in the same month.
CISA official Eric Goldstein emphasized the persistent threat posed by such groups to public and private organizations, but the directive doesn’t specify if the hacking campaign is ongoing.