Russian Hackers Steal US Government Correspondence Through Microsoft Hack: US Agency

The US Cybersecurity and Infrastructure Security Agency (CISA) said a Russian hacker group known as Midnight Blizzard “exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft” after successfully compromising a number of Microsoft corporate email accounts.

“The threat actor is using information initially exfiltrated from the corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to Microsoft customer systems.

“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” read a CISA emergency directive on Thursday, April 11.

The announcement followed Microsoft’s report in January that a Moscow-sponsored hacker group “exfiltrated some emails and attached documents” and “access to some of the company’s source code repositories and internal systems” since November 2023, as reported by Kyiv Post.

CISA did not disclose the level of damage and the nature of the information Midnight Blizzard managed to exfiltrate, but it said both the agency and Microsoft has notified the agencies affected and CISA is now requiring the agencies to review and step up security measures.

“This Emergency Directive requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure,” said CISA.

St. Petersburg Police Shoots Man Attempting to Commit Suicide

Before being killed, the man stole a police officer's gun and shot him.

Microsoft previously identified the group as Midnight Blizzard, a Russian state-sponsored actor also known as Nobelium and Cozy Bear, which is associated with Russia’s Foreign Intelligence Service (SVR), according to a Microsoft cybersecurity report on Ukraine from June 2022.

The company’s January announcement said the group was “initially targeting email accounts for information related to Midnight Blizzard itself.”

It is believed the group has been utilizing password-spraying attacks in which the same, commonly used passwords were used on multiple accounts in brute-force attacks.

Midnight Blizzard was also the group behind the 2020 SolarWinds hack, in which multiple US federal agencies were compromised.

To suggest a correction or clarification, write to us here
You can also highlight the text and press Ctrl + Enter

Leo Chiu

Leo Chiu is a news reporter residing in Eastern Europe since 2015 with a profound interest in geopolitics, having witnessed two presidential elections in Belarus and visited numerous contested regions worldwide. He believes in the human side of journalism and that there's a story to be told behind every number and statistic.