Date: 2024-04-11



Kremlin-backed agents who accessed sensitive Microsoft systems in January using brute-force password-guessing techniques successfully exfiltrated electronic correspondence from federal civilian agencies, the Cybersecurity and Infrastructure Security Agency said Thursday. The software giant issued an alert on the group, dubbed Midnight Blizzard by industry security researchers, around the start of the year.

The hackers, linked to Russia's foreign intelligence service, are using data initially exfiltrated from the company's email systems, including authentication details shared between Microsoft customers and Microsoft via email, to gain, or attempt to gain, additional access to Microsoft customer systems, CISA said in the emergency directive. CISA said the company would provide necessary metadata on compromised emails to affected agencies, as well as metadata on all stolen agency correspondence. CyberScoop first reported on the directive last week, citing three government officials familiar with the matter.

As we shared in our blog of March 8, as we uncover secrets in our exfiltrated emails, we work with our clients to help them investigate and mitigate. That involves working with CISA on an emergency directive to provide guidance to government agencies, a company spokesperson told Nextgov/FCW.

Midnight Blizzard's successful compromise of Microsoft corporate email accounts and exfiltration of correspondence between agencies and Microsoft poses a serious and unacceptable risk to agencies, CISA said, advising agencies to analyze the content of exfiltrated emails, reset credentials, and ensure their Microsoft authentication tools are secure.

The company has already been criticized for what a DHS assessment last week called a lax culture that enabled a high-profile Chinese state-backed cyberattack last year, in which hackers accessed the Microsoft email accounts of senior government officials.
Although this second intrusion is outside the scope of the Commission's current review, the Board is troubled by the fact that this new incident occurred months after the Exchange Online compromise covered by this review, wrote the Cyber Safety Review Board in its findings last week, referring to the Midnight Blizzard incident. This additional intrusion highlights the board's concerns that Microsoft has not yet implemented the necessary security governance or prioritization to address apparent security weaknesses and control failures within its environment and to prevent similar incidents in the future, it added.

Midnight Blizzard has been linked to many high-profile cyber incidents, including the 2020 SolarWinds hack and the 2016 Democratic National Committee hack.

