Russian government-backed hackers have reportedly exploited access to Microsoft’s email system, stealing correspondence between officials and the tech giant.
Key Points:
-
Russian government-backed hackers exploited access to Microsoft’s email system, as per a directive from CISA.
-
The directive warned of hackers using email authentication details to infiltrate Microsoft customer systems, including government agencies.
-
This follows Microsoft’s acknowledgment of ongoing struggles against intruders named “Midnight Blizzard” and a separate hack attributed to China.
According to an emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released on Thursday.
The directive, issued on April 2, cautioned that hackers were leveraging email authentication details to infiltrate Microsoft customer systems, including those of unspecified government agencies.
This alarming revelation follows Microsoft’s acknowledgment in March of ongoing struggles against intruders dubbed “Midnight Blizzard.”
The cybersecurity industry’s concerns intensified further with a recent report from the U.S. Cyber Safety Review Board, attributing a separate hack to China and criticising Microsoft for cybersecurity oversights and lack of transparency.
While CISA refrained from naming affected agencies, Microsoft assured collaboration with customers and CISA to investigate and mitigate the breach. The Russian Embassy in Washington, historically denying involvement in hacking activities, did not respond immediately to requests for comment. CISA also cautioned that non-governmental organisations might have been targeted, urging customers to liaise with Microsoft for additional information.
