CISA Alerts: Russian Hackers Infiltrate US Government Emails

Key Takeaways:

  • Russian hackers breached Microsoft’s email system, gaining access to emails from multiple US government agencies.
  • CISA issued an emergency directive instructing federal agencies to enhance protection for their email accounts in response to the breach.
  • Federal agencies impacted by the breach are required to reset passwords and fortify security systems within a week.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that Russian hackers, who penetrated Microsoft’s email system last year, have now successfully stolen emails from numerous US government agencies. In response, CISA has promptly issued an emergency directive requiring federal agencies to bolster protection for their email accounts.

Microsoft recently confirmed that its senior executives’ email accounts were hacked by the “Midnight Blizzard” hacking group, also known as Cozy Bear and APT29. The company warned that these Russian state-sponsored hackers not only spied on the email accounts but also managed to steal source code and gain unauthorized access to internal systems.

Earlier this month, CISA warned that the cyberattack allowed the hackers to exfiltrate email communications between Federal Civilian Executive Branch (FCEB) agencies and Microsoft. The stolen emails contained critical authentication details such as credentials, passwords, tokens, and API keys. Consequently, federal agencies affected by this breach are required to reset their passwords and secure their systems within a week.

“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies. This Emergency Directive requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure,” CISA explained.

Microsoft to share email metadata amid Russian cyberattacks

CISA has not disclosed the names of the U.S. federal agencies whose emails have been compromised by Midnight Blizzard. Nonetheless, Microsoft and CISA have individually notified all affected agencies.

Microsoft has agreed to share all metadata related to compromised emails containing credentials with affected departments. Additionally, the company will provide CISA with metadata concerning all exfiltrated federal agency correspondence linked to compromised Microsoft accounts.

CISA also intends to provide technical support to federal agencies lacking internal capabilities to comply with this Emergency Directive. The cyber agency will also publish a report in September detailing its ongoing mitigation efforts.