Russian Hackers Took US Government Emails in Microsoft Cyberattack

Key Takeaways

  • CISA said Russian cyberattackers stole US government emails while hacking Microsoft in January.
  • The "Midnight Blizzard" group allegedly works for Russian intelligence.
  • The news came as officials warned of escalating hacking attempts.

Russian cyberattackers stole US federal government email correspondence while infiltrating Microsoft in January, according to officials.

The US Cybersecurity and Infrastructure Security Agency (CISA) publicly issued an emergency directive calling on federal executive branch agencies to limit the damage from the hack attributed to state-sponsored hacking group Midnight Blizzard, also known as APT29.

The perpetrators are compromising Microsoft customer systems by using information stolen from the company’s corporate email network, including authentication data shared between the firm and its clients. The directive obligates affected agencies to study potentially stolen emails, reset relevant credentials, and take extra steps to lock down Azure accounts with high privileges.

CISA didn’t mention which agencies had emails stolen. It noted that other organizations might have been affected, however, and encouraged them to get in touch with their Microsoft account managers.

The directive was initially delivered to government bodies on April 2nd, but hadn’t been publicly disclosed until now. Cyberscoop learned of the alert on April 4.

Microsoft revealed the cyberattack in January after learning that the Russian team breached highly sensitive email accounts, including those of “senior leadership” as well as workers in cybersecurity and legal divisions. Midnight Blizzard was hoping to learn what Microsoft knew about the group before shifting its attention to other targets.

Microsoft was still working to evict the intruders as of March and, as of this writing, has not said whether its email systems are clean.

Much like Fancy Bear (APT28) and similar groups, the hackers are understood to operate on behalf of Russia’s Foreign Intelligence Service. These teams have been active for several years or more. Midnight Blizzard’s Microsoft campaign just “adds to [Russia’s] long list,” CISA Director Jen Easterly said.

The incident came just days after the public-private Cyber Safety Review Board found that a China-linked 2023 hack stemmed from a series of security issues at Microsoft.