Russian state-backed hackers have breached Microsoft’s systems and stolen email correspondence between US government agencies and Microsoft. The hackers have obtained login information such as usernames and passwords that were included in the emails sent by Microsoft to several US federal agencies. While there is no evidence yet that the hackers have used the stolen credentials to break into federal computer systems actively in use, the breach is still causing concern among the tech giant and US cyber officials as they scramble to prevent further damage at the hands of the alleged Russian operatives.

In response to the hacking incident, the US Cybersecurity and Infrastructure Security Agency (CISA) has released an “emergency directive” ordering potentially affected civilian agencies to strengthen their defenses. CISA has deemed the potential exposure of agency login credentials as an “unacceptable risk” that needs to be addressed urgently. The Russian Embassy in Washington, DC has been contacted for comment, although the hackers have been identified as an infamous cyber-espionage group linked to Russia’s foreign intelligence service, responsible for wide-ranging intelligence gathering campaigns in support of the Kremlin.

The hacking incident involving the breach of Microsoft’s systems is a continuation of a series of cyber-attacks that have targeted US agencies and companies. Microsoft first revealed the breach in January, saying that the hackers had accessed core software systems and were using that information for follow-on attacks on Microsoft customers. In March, Hewlett Packard Enterprise also disclosed that the same hackers had breached its cloud-based email systems. The exact purpose and the full extent of the hacking activity remain unclear, but experts believe the group responsible has ties to the Russian government and has been involved in previous high-profile attacks.

This breach adds to the growing list of cyber-attacks that have targeted US government agencies through Microsoft software. The hackers responsible for this latest incident were also behind the notorious breach of several US agency email systems using software made by US contractor SolarWinds in 2020. They had access to unclassified email accounts at the departments of Homeland Security and Justice for months before the spying operation was discovered. Despite the evidence linking the attacks to Russia, the country has denied any involvement in the activity.

As investigations continue, Microsoft is working with its customers to investigate and mitigate the impact of the breach. The company is collaborating with CISA on an emergency directive to provide guidance to government agencies affected by the hacking campaign. Additionally, a recent review released by the US government highlighted a series of avoidable errors committed by Microsoft that allowed Chinese hackers to breach the tech giant’s network and access the email accounts of senior US officials. This incident further emphasizes the need for heightened cybersecurity measures to protect government agencies and private sector companies from future cyber-attacks.
