The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday confirmed previous reports that Russia-linked hackers tapped into correspondence between federal agencies and Microsoft.
The agency publicly issued an emergency directive Thursday in which it told agencies that were affected by the breach to take actions including taking “steps to identify the full content of the agency correspondence with compromised Microsoft accounts and perform a cybersecurity impact analysis.” CISA described those behind the breach as a “Russian state-sponsored cyber actor known as Midnight Blizzard.”
“For several years, the U.S. government has documented malicious cyber activity as a standard part of the Russian playbook; this latest compromise of Microsoft adds to their long list. We will continue efforts in collaboration with our federal government and private sector partners to protect and defend our systems from such threat activity,” CISA Director Jen Easterly said in a CISA press release.
Microsoft said in March that Midnight Blizzard had been trying to breach its systems by way of “using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access.” In January, Microsoft brought to light that it had “detected a nation-state attack” on its corporate systems from Midnight Blizzard and that hackers got access to “a very small percentage” of corporate email accounts.
“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” Microsoft said in a March blog post.
Those “secrets” include ones shared between Microsoft and customers by way of email, and the company said it would inform and assist them with mitigating measures.
Microsoft also said that Midnight Blizzard increased the volume of specific types of attacks, like password sprays, by as much as tenfold in February. Password sprays are a type of cyberattack that is characterized by the repetitive use of the same password on different accounts to try and breach them.
The Hill has reached out to Microsoft for comment.