Russian state-backed hackers have stolen email correspondence between several U.S. federal agencies and Microsoft in a monthslong breach of the tech giant's systems, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. The acknowledgment marks the first official confirmation that federal agency emails with Microsoft were specifically targeted and compromised in the hack, which was initially revealed in January.

The extent of the breach was detailed in an emergency directive issued by CISA on April 2 and made public on Thursday. The directive ordered agencies to take immediate steps to identify all compromised email correspondence and reset credentials for the affected accounts. CISA described the potential exposure of agency login credentials as a "grave and unacceptable risk to agencies."

Eric Goldstein, executive assistant director for cybersecurity at CISA, stated during a call on the directive that while the agency was "not aware" of any breaches in active production environments at federal agencies, the breach posed an "exigent threat" to the government. Goldstein declined to comment on the number of agencies impacted by the breach.

The hacking group responsible for the breach, known as Midnight Blizzard, is a prolific Russian government-linked group that Microsoft has previously tied to the 2016 attack on the Democratic National Committee and the 2020 SolarWinds hack, which compromised around a dozen U.S. federal agencies. CISA noted in the directive that Microsoft had informed the agency of a "10-fold" increase in the overall attack after the initial breach in January, including mass efforts to use passwords from other compromised accounts.

Microsoft has notified the affected federal agencies and is providing metadata for all compromised emails. In a statement on Thursday, Microsoft said, "as we discover secrets in our exfiltrated email, we are working with our customers to help them investigate and mitigate. This includes working with CISA on an emergency directive to provide guidance to government agencies."

The breach has raised concerns about Microsoft's security practices and is likely to increase scrutiny of the tech giant, which has been under the federal spotlight in recent weeks for a separate hack of its systems by Chinese hackers. A U.S. government-backed review of that incident, released earlier this month, found that Microsoft committed a "cascade" of "avoidable errors" that allowed Chinese hackers to breach the company's network and later the email accounts of senior U.S. officials, including the secretary of commerce.

As U.S. cyber officials and Microsoft scramble to ensure there is no further damage from the Russian hacking campaign, the incident serves as a stark reminder of the ongoing threat posed by state-backed hackers targeting U.S. government agencies and critical infrastructure. The breach also underscores the need for heightened vigilance and improved cybersecurity measures to prevent and mitigate the impact of such attacks.

The Russian government has previously denied involvement in similar hacking activities.