The Cybersecurity and Infrastructure Security Agency (CISA) issued a stern warning on Thursday, revealing that Russian government-backed hackers breached a significant number of US government email accounts.
The attackers reportedly exploited access to Microsoft’s email system to steal correspondence between US officials and the tech giant.
The threat actor is using information initially exfiltrated from the corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to Microsoft customer systems. According to Microsoft, Midnight Blizzard has increased the volume of some aspects of the intrusion campaign, such as password sprays, by as much as 10-fold in February, compared to an already large volume seen in January 2024.
CISA said
CISA declined to name agencies that might have been affected. Microsoft said in an email that it was “working with our customers to help them investigate and mitigate. This includes working with CISA on an emergency directive to provide guidance to government agencies.”
