The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring US federal agencies to secure Microsoft Corp cloud accounts, analyze emails, and reset compromised credentials following a data theft by the Russian hacking group Midnight Blizzard. The directive, made public on Thursday, follows concerns about persistent threats from hacking groups targeting government agencies.
The directive instructs agencies to analyze emails, reset compromised credentials, and tighten security protocols in response to a breach at Microsoft in January, allegedly carried out by Midnight Blizzard. The group is believed to have stolen data, including email exchanges between Microsoft and some US government agencies, posing a significant risk to national security.
While the exact number and names of affected agencies have not been disclosed, Microsoft and CISA have notified potentially impacted organizations. The directive sets a deadline of April 30th for agencies to reset credentials and identify compromised emails to mitigate the risk of further data breaches.
This incident highlights the ongoing threat posed by Russian hacking groups to both public and private organizations. In January, Microsoft warned of a similar hacking campaign by the group “Cozy Bear,” and Hewlett Packard Enterprise reported a cloud-based email breach linked to Midnight Blizzard.
CISA official Eric Goldstein emphasized the importance of addressing these threats promptly and effectively. The directive aims to enhance cybersecurity measures and protect sensitive information from future attacks.