The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on Thursday, warning that the Russian state-sponsored cyber actor Midnight Blizzard was targeting Microsoft corporate email accounts and potentially trying to access correspondence with Federal Civilian Executive Branch (FCEB) agencies.
“Midnight Blizzard is using information initially exfiltrated from Microsoft corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to certain Microsoft customer systems,” said CISA’s post, adding that they have notified affected federal agencies.
Emergency Directive 24-02 was issued on April 2, and it requires agencies to analyse emails that may have been impacted, as well as reset the compromised credentials while also stepping up the security for privileged Microsoft Azure accounts.
CISA is especially concerned about the impact of the breach on FCEB agencies, but warned that all other organisations should stay in touch with Microsoft and follow security practices such as setting up strong passwords, using multifactor authentication (MFA), and sending information only through secure channels.
Both Russian and Chinese hackers have in the past tried to exploit Microsoft’s professional offerings such as its corporate email service and Teams video collaboration platform, in order to access high-level information sent between U.S. government entities.