Apr 11, 2024 - Technology

Russian hackers steal agencies' emails as part of Microsoft hack

A Microsoft Experience Center is seen on Fifth Avenue on April 03, 2024 in New York City.

Photo: Michael M. Santiago'Getty Images

Russian intelligence hackers stole emails between federal agencies and Microsoft and potentially collected login credentials during a recent breach of the tech company, a top U.S. cyber official said Thursday.

Why it matters: Microsoft has said that the hacking group, known as Midnight Blizzard, is continuing to target its networks in an effort to steal its source code and its customers' secrets.

  • The U.S. government is heavily reliant on Microsoft's products, including its cloud infrastructure and email servers.

Zoom in: The Cybersecurity and Infrastructure Security Agency (CISA) published an emergency directive Thursday requiring affected agencies to study the contents of stolen emails for signs of leaked login information and other sensitive details.

  • Microsoft has also notified "several" federal agencies that their login credentials, session tokens or other authentication data may have been included in those emails, Eric Goldstein, executive assistant director for cybersecurity at CISA, told reporters.
  • Agencies whose login credentials may have been exposed have until the end of the month to reset or deactivate any affected passwords, session tokens and API keys — as well as to study the activity of users whose credentials were exposed for signs of an intrusion.
  • CISA privately issued the directive to affected agencies last week. CyberScoop first reported on the advisory.

Catch up quick: Microsoft reported the Russian hack of its networks back in January when it detected that Midnight Blizzard had accessed some of its executives' email inboxes.

  • Midnight Blizzard first gained access to executives' and other team members' emails via a password spraying attack, where hackers use the same password across different accounts until they're successful.

Yes, but: Microsoft's investigation is still ongoing, and Goldstein said the number of affected agencies could change as the probe continues.

  • Goldstein declined to say how many agencies Microsoft has notified so far.

The big picture: The fallout from the Russian breach comes as Microsoft is facing increased government scrutiny over its internal security practices.

  • Last week, a high-profile government review board released a scathing report calling out Microsoft for "avoidable errors" that allowed Chinese government hackers to infiltrate a Microsoft 365 cloud environment and steal emails from top government officials.

Between the lines: Officials are concerned that Midnight Blizzard will use information in the stolen emails to further infiltrate U.S. government networks.

  • However, Goldstein noted that CISA is not aware "at this time" of hackers compromising any federal agencies' working systems due to the exposures.

What's next: Affected agencies have until April 30 to complete CISA's directive and provide weekly updates on the progress made to reset passwords, session tokens and other authentication tools.

  • By Sept. 1, CISA will provide a report to the heads of the Department of Homeland Security, the Office of Management and Budget and the Office of the National Cyber Director on any "outstanding issues."
Go deeper