Russian Hackers Breach Microsoft: U.S. Agencies on High Alert

Russian state-backed hackers have successfully infiltrated Microsoft’s corporate email system, gaining unauthorized access to sensitive information. The breach, discovered in late November and confirmed by U.S. officials, has far-reaching implications for both cybersecurity and international relations.

The attack, attributed to the group known as “Midnight Blizzard” (also referred to as APT29), targeted Microsoft’s email infrastructure. These hackers, believed to be affiliated with Russia’s Foreign Intelligence Service (SVR), exploited vulnerabilities to compromise corporate email accounts.

The hackers managed to pilfer federal government emails exchanged between U.S. agencies and Microsoft. This correspondence represents a critical link between government entities and the tech giant.

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive On April 2 to civilian government agencies, urging them to secure their email accounts. The urgency stemmed from new intelligence indicating that the Russian hackers were intensifying their intrusions.

CISA minced no words in its assessment: “Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies.” The stolen emails contain sensitive information that could compromise national security.

Microsoft had previously detected the intrusion, identifying the Russian hacking group’s activities within its systems. In January, Microsoft disclosed that the hackers had breached corporate email accounts, including those of senior leadership, cybersecurity experts, and legal personnel.

The U.S. Cyber Safety Review Board (CSRB), a group of government and private cybersecurity experts led by the US Department of Homeland Security, has attributed an earlier 2023 breach of U.S. government emails to China government-backed hackers. In this case, the blame fell on a “cascade of security failures at Microsoft.”

The hack “was preventable and should never have occurred,” says a report just released.

In particular, the review board faulted Microsoft for not adequately protecting a sensitive cryptographic key that allowed the hackers to remotely sign into their targets’ Outlook accounts by forging credentials.

“Microsoft’s security culture was inadequate and requires an overhaul” in light of the company’s “centrality in the technology ecosystem,” the report concludes.

Last year, one Microsoft AI employee accidentally leaked 38TB of data via a bad URL, leaving Microsoft's AI models vulnerable to exploit or attack.

The CSRB panel has urged Microsoft to put on hold adding features to its cloud computing environment until “substantial security improvements have been made.”

It said Microsoft’s CEO and board should institute “rapid cultural change” including publicly sharing “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.”

This all comes as Microsoft has announced the suspension from April 1 of access to over fifty cloud products for Russian organizations as part of the sanctions requirements against the country issued by EU regulators last December. This decision comes in response to the ongoing Ukraine conflict.