US Warns Agencies of Possible Breach Via Microsoft Hack

(Bloomberg) -- US federal agencies were ordered to analyze emails, reset compromised credentials and work to secure Microsoft Corp. cloud accounts amid concerns that a Russian nation-state hacking group may have accessed some correspondence.

Most Read from Bloomberg

• China Tells Iran Cooperation Will Last After Attack on Israel

• Beyond the Ivies: Surprise Winners in the List of Colleges With the Highest ROI

• Treasury Yields Hit 2024 Highs as Powell in Focus: Markets Wrap

• IMF Steps Up Its Warning to US Over Spending and Ballooning Debt

• Iran’s Conflict With Israel Puts US Ally Jordan on Edge

The directive from the US Cybersecurity and Infrastructure Security Agency, known as CISA, came in response to breach of Microsoft that the tech giant disclosed in January. A Russian state-sponsored group called Midnight Blizzard was accused of exfiltrating data from Microsoft and using it to try compromise some of the company’s customers, according to the CISA alert. That includes correspondence between federal agencies and Microsoft, according to CISA.

The emergency directive was initially issued on April 2 and made public Thursday.

Microsoft and CISA have notified all federal agencies whose emails may have been compromised by the hacking group, according to the government directive. It didn’t disclose the names or number of agencies.

The incident represents a “grave and unacceptable risk” to agencies, according to the directive.

A spokesperson for the Russian Embassy in Washington didn’t immediately respond to a request for comment.

Asked if the hacking campaign had been stopped, Eric Goldstein, executive assistant director at CISA, said the group poses a “persistent threat to organizations public and private.”

Federal agencies have until April 30 to reset credentials for related applications, and are also required to identify affected email correspondence by that deadline as well.

In January, Microsoft said it had been warning organizations that they were targets of the same Russian-sponsored group that hacked into sensitive corporate email accounts last year. The hackers — also known as Cozy Bear — have been identified by Microsoft’s threat intelligence team as the same cyber-espionage group that “has been targeting other organizations,” according to the January blog post.

Hewlett Packard Enterprise Co. also reported in January that it suffered a breach of its cloud-based email system that it said was likely caused by Midnight Blizzard.

The new US directive was previously reported by security news site CyberScoop.

--With assistance from Katrina Manson.

Most Read from Bloomberg Businessweek

• A Resilient Global Economy Masks Growing Debt and Inequality

• Cities Use AI to Help Ambulances and Firetrucks Arrive Faster

• The Shadow Swiftie Economy Booms With Bootleg Bracelets and $1,150 Bodysuits

• Top Takeaways From Businessweek’s Investigation of Teenage Sextortion

• How a Pioneering Blackjack Master Beats the Odds of Aging

©2024 Bloomberg L.P.