Russian hackers have taken advantage of a cyber attack on Microsoft to steal emails from the accounts of officials working in several US federal agencies.
The US Cybersecurity and Infrastructure Security Agency (CISA) revealed in a statement that the breach is a result of the threat actor tracked by Microsoft as ‘MidnightBlizzard’ and known more widely as APT29, which has strong links to the Russian Foreign Intelligence Service.
CISA said that the hackers gained access “through a successful compromise of Microsoft corporate email accounts.”
Perfect espionage opportunity
“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” CISA said in the statement, but did not disclose the agencies affected or the breadth of the damage.
An emergency directive was issued by the agency stating that email accounts belonging to civilian government agencies needed to be secured as a result of the attack on Microsoft, upon which many government agencies rely for email communications.
Microsoft first revealed that it was under attack in January 2024, stating that Russian hackers had managed to gain access to corporate email accounts in the cybersecurity and legal departments. The tech giant later confirmed that the breach was not confined, and that corporate accounts belonging to organizations outside of Microsoft were also affected.
Since then, Microsoft has been working to remove all access from the MidnightBlizzard group in what the company has described as an “ongoing attack,” stating that the threat actors “may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”
More from TechRadar Pro
- Here is our guide to the best firewalls
- International Monetary Fund warns cyberattacks could trigger bank runs
- Are you in the market for the best endpoint protection software?