The US Cybersecurity and Infrastructure Security Agency (CISA) said a Russian hacker group known as Midnight Blizzard “exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft” after successfully compromising a number of Microsoft corporate email accounts.

“The threat actor is using information initially exfiltrated from the corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to Microsoft customer systems.

“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” read a CISA emergency directive on Thursday, April 11.

Advertisement

The announcement followed Microsoft’s report in January that a Moscow-sponsored hacker group “exfiltrated some emails and attached documents” and “access to some of the company’s source code repositories and internal systems” since November 2023, as reported by Kyiv Post.

CISA did not disclose the level of damage and the nature of the information Midnight Blizzard managed to exfiltrate, but it said both the agency and Microsoft has notified the agencies affected and CISA is now requiring the agencies to review and step up security measures.

Ukraine Fires First Long-Range US Missiles into Russia, Kremlin Vows Response
Other Topics of Interest

Ukraine Fires First Long-Range US Missiles into Russia, Kremlin Vows Response

Russia reacted quickly with angry rhetoric to Ukraine’s first strikes inside the country using American-made long-range weapons after Biden loosened restrictions on their use over the weekend.

“This Emergency Directive requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure,” said CISA.

Microsoft previously identified the group as Midnight Blizzard, a Russian state-sponsored actor also known as Nobelium and Cozy Bear, which is associated with Russia’s Foreign Intelligence Service (SVR), according to a Microsoft cybersecurity report on Ukraine from June 2022.

Advertisement

The company’s January announcement said the group was “initially targeting email accounts for information related to Midnight Blizzard itself.”

It is believed the group has been utilizing password-spraying attacks in which the same, commonly used passwords were used on multiple accounts in brute-force attacks.

Midnight Blizzard was also the group behind the 2020 SolarWinds hack, in which multiple US federal agencies were compromised.

To suggest a correction or clarification, write to us here
You can also highlight the text and press Ctrl + Enter