CISA Mandates Immediate Action Following Microsoft Email System Breach

Russian hackers infiltrated Microsoft email, stole US government data (emails, logins). CISA urges federal agencies to reset credentials and tighten security.


The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive following the discovery that Russian espionage operatives, known as Midnight Blizzard or Cozy Bear, infiltrated Microsoft's email system. The breach, which was first reported earlier this year, allowed the hackers to access and exfiltrate sensitive data, including email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft. The stolen data encompasses authentication details, which are reportedly being used in attempts to access further systems.

Details of the Breach and Immediate Actions Required

Following detection of the breach, CISA's Emergency Directive ED 24-02 requires federal agencies to conduct a thorough review of the compromised emails, reset any exposed credentials, and bolster the security of authentication tools, particularly for privileged Microsoft Azure accounts. Agencies are required to report their initial findings by April 8, with a subsequent update due by May 1, followed by weekly updates on remediation efforts until the issue is fully resolved. Microsoft has committed to providing affected agencies with metadata related to the exfiltrated emails, aiding in the identification and mitigation of potential security risks.

Implications and Responses

The breach not only signifies a major threat but also casts a shadow over Microsoft's security practices. Critics, including Amit Yoran, chairman and CEO of Tenable, have voiced concerns to The Register over Microsoft's handling of the incident, suggesting that the company's “lackadaisical security practices and negligent approach to disclosure” pose a risk. The escalation of intrusion attempts by Midnight Blizzard, notably through password spraying attacks which reportedly increased tenfold in February compared to January, underscores the persistent threat posed by the group.

In response to the breach, CISA plans to compile a comprehensive report by September 1, detailing the cross-agency status and any outstanding issues. This report will be submitted to the Secretary of Homeland Security and the Director of the Office of Management and Budget, with a copy also provided to the National Cyber Director. The incident highlights the ongoing challenges in cybersecurity and the need for vigilant security practices among federal agencies and their private sector partners.

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.