US claims Russian hackers took emails belonging to the federal government during a Microsoft hack.

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that emails from many federal agencies in the United States were taken by a group of hackers supported by the Russian government as part of a continuous cyberattack against Microsoft.

The U.S. cyber agency said in a statement on Thursday that the cyberattack—which Microsoft first made public in January—actually made it easier to steal emails belonging to the federal government “via a successful breach of Microsoft corporate email accounts.”

It is commonly believed that the hackers, whom Microsoft named “Midnight Blizzard” and who are also known as APT29, are sponsored by Russia’s Foreign Intelligence Service, SVR.

CISA declared that “Midnight Blizzard’s” successful breach of Microsoft corporate email accounts and the subsequent retrieval of agency-to-Microsoft communications constituted a serious and unacceptable risk to government agencies.

On April 2, CISA issued a new emergency regulation requiring civilian government institutions to strengthen their email accounts in response to the increasing number of incursions by Russian hackers. The government gave impacted federal entities a week to change their passwords and strengthen their hacked systems before making the directive’s details public on Thursday.

When TechCrunch called a representative of CISA, the official declined to comment right away, and the agency has refused to name the government entities that were compromised through email.

Cyberscoop first reported on the emergency directive last week.

The emergency directive’s release is in line with growing criticism of Microsoft’s security procedures in the wake of many hacks by hostile nation-state hackers. The breaches have sparked serious worries because the U.S. government heavily relies on Microsoft to handle federal email accounts.

Microsoft initially revealed in January that a gang of Russian hackers had gained access to a number of company email accounts, including those of senior executives and employees in the legal, cybersecurity, and other areas. It seemed that the goal was to learn whether Microsoft was aware of the hackers’ actions. The hackers then broadened the scope of their attack to include targets other than Microsoft, such as US government entities.

In March, Microsoft declared that it was making continuous efforts to remove the Russian hackers from its networks, referring to the situation as an “ongoing attack.” The business was aware of the hackers’ attempts to break into further internal systems and obtain more data, including source code, by using secrets they had stolen.

Microsoft declined to respond right away on Thursday when TechCrunch asked about its efforts to remediate the attack since March.

Earlier this month, the U.S. Cyber Safety Review Board (CSRB) wrapped up its investigation into a 2023 breach of emails belonging to the U.S. government that was linked to hackers with support from China. The compromise was caused by a “cascade of security failures at Microsoft,” according to the CSRB, which allowed the hackers to get their hands on a confidential email key that gave them wide access to both private and public sector email accounts.

The Department of Defense in the United States informed 20,000 people in February that their personal information had been compromised over the internet following a few weeks in 2023 when a cloud email server run by Microsoft was left unguarded.
