The Cybersecurity and Infrastructure Security Agency (CISA) issued a directive on April 2nd, 2024, urging US government agencies to take action following a cyberattack. Hackers believed to be working for the Russian government infiltrated Microsoft’s corporate email system and potentially accessed emails exchanged between government officials and Microsoft.
A hacking group known as Midnight Blizzard compromised Microsoft’s email system and stole emails. This potentially includes emails between US government agencies and Microsoft. The hackers might use stolen information like login details to try and access other government computer systems.
CISA requires all affected agencies to:
- Analyze the content of stolen emails to understand the severity of the breach.
- Reset any compromised login credentials for Microsoft and other potentially affected systems.
- Implement additional security measures for privileged Microsoft Azure accounts (high-level access accounts).
Timeline for Action
- By April 30th, 2024, agencies must identify all stolen emails and assess the overall security risk.
- Agencies must report the status of their response efforts to CISA by April 8th and May 1st, 2024.
This incident is the latest in a series of cybersecurity concerns surrounding Microsoft. Just last week, a US Cyber Safety Review Board report criticized the company for lapses and a lack of transparency related to a separate hack attributed to China, stating that the breach could have been prevented.
