The U.S. Cybersecurity and Infrastructure Security Agency said Thursday that Russian government-backed hackers used access to Microsoft's email system to steal communications between officials and the tech giant. This was revealed in an emergency directive issued by a US surveillance agency.
In an April 2 directive, the agency warned that hackers are attempting to exploit credentials shared via email to break into Microsoft customer systems, including those of an unspecified number of government agencies.
The warning that government agencies are being targeted using stolen Microsoft emails follows an announcement in March that the company was still battling an intruder it dubbed “Midnight Blizzard.”
This disclosure set off alarm bells across the cybersecurity industry, but just last week, a report from the U.S. Cyber Security Review Board was released, stating that another hack by China was preventable and that the company's cybersecurity shortcomings were He said the deficiencies were blamed. Deliberate lack of transparency.
CISA did not name any agencies that may have been affected. Microsoft said in an email that it is “working with customers to assist with investigation and mitigation.” This includes him working with CISA on emergency directives to provide guidance to government agencies. ”
The Russian embassy in Washington has previously denied being behind the hacking operation, but did not immediately return messages seeking comment.
CISA warned that the hackers may also have targeted non-governmental organizations.
“Other organizations may have been affected by the Microsoft corporate email breach,” CISA said, and encouraged customers to contact Microsoft for more information.
(Reporting by Raphael Satter; Editing by Franklin Paul, Richard Chang and Diane Craft)
Want to stay informed?
Get the latest insurance news
Sent directly to your inbox.
