Midnight Blizzard Causes US Government Impact in Microsoft Breach


Microsoft has confirmed its collaboration with CISA on an urgent directive about a cyber threat, as reported by CRN. The U.S. federal government has reportedly been affected by a breach orchestrated by a Russian state-sponsored hacker group known as Midnight Blizzard. The group targeted Microsoft executive accounts in a breach disclosed in January.

According to a report from Scoop News Group on Thursday, CISA issued an emergency directive this week to federal agencies in response to the Midnight Blizzard attack impacting the U.S. government. Microsoft, in a statement to CRN, acknowledged its involvement with CISA in addressing this critical threat.

In its statement, Microsoft referenced its March 8 blog post, stating, "As we uncover exfiltrated email data, we are actively assisting customers in investigating and mitigating any repercussions." This includes collaborative efforts with CISA on an emergency directive tailored for government agencies.

Initially disclosed on January 19, the Midnight Blizzard attack, linked to Russia's SVR foreign intelligence unit, targeted senior leadership and cybersecurity/legal team members at Microsoft. The attack, which commenced in late November, prompted Microsoft to provide an update in early March, revealing ongoing exploitation attempts by Midnight Blizzard using the gleaned information.

As of now, the specific details of the CISA emergency directive remain undisclosed. However, a CISA spokesperson informed Scoop News Group that the agency is guiding federal agencies on securing accounts potentially compromised in the Midnight Blizzard campaign.

In its March update, Microsoft noted increased activity by Midnight Blizzard, emphasizing the group's attempts to leverage discovered information, including shared cryptographic secrets like passwords and credentials, which it obtained from email exchanges.

Microsoft detailed unauthorized access attempts to internal systems and source code repositories using the exfiltrated data.

According to the Scoop News Group report, the CISA directive focuses on mitigating malicious activities by Midnight Blizzard.

This disclosure follows a recent scathing report from the Cyber Safety Review Board, appointed by U.S. Homeland Security, which criticized Microsoft's security practices and culture. The report specifically addressed the 2023 Microsoft Exchange Online breach, attributed to China, which impacted several federal agencies and officials, including Commerce Secretary Gina Raimondo. The review board attributed the email breach to "a cascade of Microsoft’s avoidable errors."