Russian Hackers Exploit Microsoft Email to Access US Government Correspondence

US officials confirm Russian hacking of Microsoft email systems to steal government correspondence.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that Russian-backed hackers use Microsoft email systems to infiltrate and steal US government correspondence. This alarming breach comes as federal officials scramble to safeguard sensitive communications following recent security lapses.

US Cyber Agency Warns of Russian Hackers Exploiting Microsoft Emails Amid Ongoing 'Midnight Blizzard' Intrusion

In a recent report by The Star, the agency warned in an April 2 directive that hackers were using email-shared authentication details to attempt to break into Microsoft's customer systems, including those of an unspecified number.

The warning that government agencies are being targeted with stolen Microsoft emails comes after the company announced in March that it was still dealing with the intruders, dubbed "Midnight Blizzard."

That disclosure, which sounded alarms throughout the cybersecurity industry, was followed last week by a report from the United States Cyber Safety Review Board, which concluded that a separate hack, blamed on China, was preventable, and faulted the company for cybersecurity flaws and a deliberate lack of transparency.

CISA declined to identify the agencies that may have been affected. In an email, Microsoft stated it was "working with our customers to help them investigate and mitigate. This includes working with CISA on an emergency directive to guide government agencies."

The Russian Embassy in Washington, which has previously denied being behind hacking campaigns, did not immediately respond to a message seeking comment.

CISA warned that the hackers may have targeted non-governmental organizations as well.

"Other organizations may have also been impacted by the exfiltration of Microsoft corporate email," CISA stated, advising customers to contact Microsoft for more information.

US Confirms Russian Hackers Accessed Government Emails via Microsoft Breach, Prompting Urgent Security Measures

Russian state-backed hackers stole email correspondence between US government agencies and Microsoft through a breach of the software company's systems, US officials confirmed on April 11, per CNN.

Microsoft has notified "several" US federal agencies that hackers may have stolen emails containing login information such as usernames or passwords, according to Eric Goldstein, a senior official at the US Cybersecurity and Infrastructure Security Agency (CISA).

"At this time, we are unaware of any agency production environments that have experienced a compromise due to a credential exposure," Goldstein said. In other words, a CISA official told CNN that there is no evidence yet that the hackers had used the stolen credentials to successfully break into federal computer systems that are actively in use.

However, the breach of Microsoft emails is still causing the tech giant and US cyber officials to scramble to prevent further damage at the hands of the alleged Russian operatives.

CISA issued an "emergency directive" on April 11, ordering civilian agencies that may be affected by the hacking campaign to strengthen their defenses. CISA called the potential disclosure of agency login credentials an "unacceptable risk to agencies."

CNN has sought comment from the Russian Embassy in Washington, DC.

The hackers in question are a notorious cyber espionage group that US officials have previously linked to Russia's foreign intelligence service.

It's the latest twist in a hacking incident that Microsoft first revealed in January but has only gotten worse as more details emerge. In March, Microsoft revealed that the hackers gained access to some of the company's core software systems and used that information to launch additional attacks on Microsoft customers.

Days after Microsoft disclosed the breach in January, Hewlett Packard Enterprise announced that the same hackers had breached its cloud-based email systems. The full scope and exact purpose of the hacking activity are unknown. However, experts say the group responsible has a history of large-scale intelligence-gathering campaigns supporting the Kremlin.

The same Russian group was responsible for the infamous breach of several US agency email systems using software developed by US contractor SolarWinds, which was revealed in 2020. The hackers had access to unclassified email accounts at the Departments of Homeland Security and Justice, among other agencies, for months before the spying operation was discovered.

Russia denied involvement in the activity.

"As we shared in our March 8 blog, as we discover secrets in our exfiltrated email, we are working with our customers to help them investigate and mitigate," a Microsoft spokesperson said in a statement to CNN on April 11. "This includes working with CISA on an emergency directive to guide government agencies."

It's the latest foreign hacking campaign targeting US government agencies via Microsoft software.

According to a US government-backed review of the incident released this month, Microsoft made a "cascade" of "avoidable errors" that allowed Chinese hackers to breach the tech giant's network and later the email accounts of senior US officials, including the secretary of commerce, in 2018.
