Microsoft announced early last month that on January 12, 2024, it detected a security breach in its corporate email systems, which was traced back to the notorious hacking group Midnight Blizzard.
The hacking group is known to be a Russian government-backed group that also goes by the name Nobelium, and the attack on Microsoft servers resulted in the group gaining access to federal government emails. Now, the US Cybersecurity and Infrastructure Security Agency (CISA), the cybersecurity arm of the US government, has confirmed via a statement published on Thursday that federal government emails were stolen "through a successful compromise of Microsoft corporate email accounts."
"Midnight Blizzard's successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies," said CISA.
On April 2, the cybersecurity agency released an emergency directive ordering civilian government agencies to take action to secure their accounts, as the agency received new information that Russian-backed hackers were increasing the frequency of their attacks. CISA didn't specifically mention the US government agencies affected by the Microsoft hack.
"Midnight Blizzard's ongoing attack is characterized by a sustained, significant commitment of the threat actor's resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks," wrote Microsoft.