Government Warns of Russian Hackers Breaching U.S. Agencies Through Microsoft Emails – Urgent Directive Issued

WASHINGTON, D.C. – The U.S. government revealed on Thursday that Russian government hackers who recently infiltrated Microsoft corporate emails managed to acquire passwords and other sensitive information that could potentially compromise multiple U.S. agencies.

The Cybersecurity and Infrastructure Security Agency, a branch of the Department of Homeland Security, issued an urgent directive to an undisclosed number of agencies on Tuesday, instructing them to change any compromised log-in information and investigate the extent of the security breach. The directive was made public on Thursday, following efforts by the agencies to strengthen their defenses.

According to the agency, the breach of Microsoft corporate email accounts and the theft of communication between agencies and Microsoft pose a significant and unacceptable risk to government agencies. The Emergency Directive requires agencies to assess the content of stolen emails, reset compromised credentials, and implement additional security measures to safeguard privileged Microsoft Azure accounts.

Microsoft’s software, including the Windows operating system and Outlook email, is widely used across the U.S. government, highlighting the critical role the company plays in ensuring the cybersecurity of federal employees and their operations. However, the longstanding relationship between the government and Microsoft is now facing escalating challenges.

The warning issued on Tuesday expands concerns around a breach disclosed by Microsoft in January, which impacted government agencies and major corporate clients. The hackers, believed to be linked to the Russian military intelligence agency SVR, have been targeting individuals who have interacted with the compromised email accounts.

While it remains unclear how many agencies received the warning, officials are actively assessing the situation to determine the extent of the security risks to national interests. The group behind the breach, known as Midnight Blizzard by Microsoft and Cozy Bear by security experts, poses a significant threat with its sophisticated cyber capabilities.

The SVR team responsible for the breach is renowned for its advanced hacking techniques and persistent targeting of high-value objectives. The group was previously implicated in the SolarWinds network breach in 2020 and the hack of Democratic National Committee computers during the 2016 presidential campaign.

The ongoing investigation into the breach underscores the growing challenges in ensuring cybersecurity in the face of complex and evolving threats. The breach at Microsoft, along with other recent incidents, highlights the urgent need for improved security measures and vigilance to protect sensitive information and national security.