American cyber agency issues caution to Microsoft customers in the US regarding Russian threat

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive to US federal agencies, mandating them to secure Microsoft Corp cloud accounts, analyze emails, and reset compromised credentials following a data breach by the Russian state-sponsored hacking group, Midnight Blizzard.

The directive, made public on Thursday, stems from a January breach at Microsoft, where Midnight Blizzard allegedly stole data, including email exchanges between the company and some US government agencies. This breach poses a significant risk, prompting CISA to take immediate action to protect sensitive information.

While the exact number and names of affected agencies have not been disclosed, all potentially impacted organizations have been notified by Microsoft and CISA. The directive sets a deadline of April 30th for agencies to reset credentials and identify compromised emails to mitigate further damage.

This incident is part of a broader trend of cyber threats posed by Russian hacking groups. In January, Microsoft warned of a similar hacking campaign by another Russian group, “Cozy Bear,” and Hewlett Packard Enterprise reported a cloud-based email breach linked to Midnight Blizzard.

CISA official Eric Goldstein emphasized the persistent threat posed by these hacking groups to both public and private organizations. While the directive does not specify if the hacking campaign is ongoing, it underscores the importance of proactive cybersecurity measures to safeguard sensitive data and prevent future breaches.