Russian Hackers Steal US Federal Government Emails in Microsoft Cyberattack

Russian government-backed hackers, tracked as APT29 or “Midnight Blizzard,” have stolen email correspondence between multiple U.S. federal agencies and Microsoft in an ongoing intrusion into Microsoft’s own corporate systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed the development, warning that the compromise of Microsoft corporate email accounts had exposed agency-to-Microsoft correspondence, including authentication credentials and other sensitive details shared in those exchanges.

CISA Issues Emergency Directive to Secure Email Accounts

To address the escalating threat, CISA issued Emergency Directive 24-02 on April 2, requiring Federal Civilian Executive Branch agencies to take immediate action to secure their accounts. The directive was prompted by new information that the Russian hackers were using material exfiltrated from Microsoft, such as credentials and other secrets shared in email, to attempt access to customer systems. After giving affected agencies roughly a week to identify exposed correspondence, reset compromised credentials and secure affected systems, CISA made the directive public.

Microsoft’s Security Practices Under Scrutiny

Microsoft’s security practices have come under scrutiny as a result of these intrusions. The U.S. government relies heavily on the software giant to host government email, making it a prime target for hackers from adversarial nations. In January, Microsoft disclosed that the Russian group had breached its corporate email systems by password-spraying a legacy, non-production test tenant account and then abusing that account’s OAuth application permissions to read corporate mailboxes, targeting the accounts of senior executives and employees in cybersecurity, legal, and other departments. The hackers were specifically searching for information about what Microsoft and its security teams knew about them. Microsoft subsequently revealed that the same group had also targeted other organizations.

Ongoing Attack and Efforts to Expel Hackers

By March, Microsoft announced that the Russian hackers were still present in its systems, describing the intrusion as an “ongoing attack.” The company acknowledged that the hackers were attempting to leverage “secrets” found in the stolen email, such as credentials shared between Microsoft and its customers, to gain access to additional internal Microsoft systems and extract more data, including source code. Microsoft has not provided an update on remediation progress since March.

Security Failures at Microsoft

This breach follows a separate incident in 2023, in which China government-backed hackers read U.S. government emails hosted by Microsoft. An investigation by the U.S. Cyber Safety Review Board (CSRB) concluded that a series of security failures at Microsoft made that breach possible. The CSRB, an independent body of government representatives and private-sector cybersecurity experts, attributed it to a “cascade of security failures” that allowed the China-backed hackers to obtain a Microsoft consumer account signing key and use it to forge authentication tokens, giving them access to both consumer and enterprise (including government) Exchange Online mailboxes.

U.S. Department of Defense Breach

In another incident, the U.S. Department of Defense notified about 20,000 individuals that their personal information had been exposed on the internet because of a misconfigured Microsoft-hosted cloud email server. The server was left reachable from the internet without a password for weeks in 2023, so anyone who found it could read its contents without authenticating.

These incidents highlight the pressing need for improved cybersecurity measures and heightened vigilance in protecting sensitive data from increasingly sophisticated and persistent cyber threats.