The U.S. Cybersecurity and Infrastructure Security Agency disclosed that Russian government-backed hackers have utilized their access to Microsoft’s email system to pilfer correspondence between officials and the tech giant. An emergency directive issued by the U.S. watchdog on Thursday revealed this alarming breach.
In the directive dated April 2, the agency cautioned that hackers were leveraging authentication details obtained through email to infiltrate Microsoft’s customer systems, including those of unspecified government agencies. This revelation of government agencies being targeted through stolen Microsoft emails comes after the company’s acknowledgment in March of ongoing struggles with the intruders dubbed “Midnight Blizzard.”
Following this disclosure, which sent ripples of concern throughout the cybersecurity sector, a recent report from the U.S. Cyber Safety Review Board blamed a separate hack on China as preventable and criticized Microsoft for cybersecurity deficiencies and lack of transparency.
CISA refrained from naming the agencies possibly affected, while Microsoft stated in an email that they are collaborating with customers to investigate and address the issue. The company is working with CISA on an emergency directive to offer guidance to government agencies.
The Russian Embassy in Washington, which has previously denied involvement in hacking endeavors, did not respond immediately to a request for comment. CISA also cautioned that non-governmental groups may have been targeted by the hackers.
“Other organizations may have also been impacted by the exfiltration of Microsoft corporate email,” CISA advised, urging customers to reach out to Microsoft for additional information.
Follow Emirates 24|7 on Google News.
