By Georgi Gotev | Euractiv Est. 2min 12-04-2024 Content-Type: News Service News Service Produced externally by an organization we trust to adhere to journalistic standards. The US Cybersecurity and Infrastructure Security Agency issued a directive which requires emergency action by fed civilian agencies after Russian state-sponsored actors compromised Microsoft's corporate email system. [The US Cybersecurity and Infrastructure Security Agency on X, formerly Twitter] Euractiv is part of the Trust Project >>> Languages: DeutschPrint Email Facebook X LinkedIn WhatsApp Telegram The US Cybersecurity and Infrastructure Security Agency said Russian government-backed hackers have used their access to Microsoft’s email system to steal correspondence between officials and the tech giant, an emergency directive by the US watchdog released on Thursday (11 April) showed. In the directive dated 2 April, the agency warned that hackers were exploiting authentication details shared by email to try to break into Microsoft’s customer systems, including those of an unspecified number of government agencies. We publicly issued Emergency Directive (ED) 24-02 which requires emergency action by fed civilian agencies after Russian state-sponsored actors compromised Microsoft's corporate email system: https://t.co/YX6iPDTe95 We encourage all orgs to take steps to mitigate their risk. pic.twitter.com/yEESwpOnjD — Cybersecurity and Infrastructure Security Agency (@CISAgov) April 11, 2024 The warning that government agencies are being targeted using stolen Microsoft emails follows the company’s announcement in March that it was still wrestling with the intruders, which it nicknames “Midnight Blizzard.” That disclosure, which set alarm bells ringing across the cybersecurity industry, was followed just last week by a report from the US Cyber Safety Review Board which said that a separate hack – blamed on China – had been preventable, faulting the company for cybersecurity lapses and a deliberate lack of transparency. Chinese hackers stole emails from US State Department in Microsoft breach Chinese hackers who breached Microsoft’s email platform this year managed to steal tens of thousands of emails from US State Department accounts, a Senate staffer told Reuters on Wednesday (27 September). CISA declined to name agencies that might have been affected. Microsoft said in an email that it was “working with our customers to help them investigate and mitigate. This includes working with CISA on an emergency directive to provide guidance to government agencies.” The Russian Embassy in Washington, which in the past has denied being behind hacking campaigns, did not immediately return a message seeking comment. CISA warned that the hackers might have gone after non-governmental groups as well. “Other organizations may also have been impacted by the exfiltration of Microsoft corporate email,” CISA said, encouraging customers to contact Microsoft for further details. Read more with Euractiv Mali extends crackdown to ban media coverage of political partiesMali's ruling military junta on Thursday (11 April) banned media coverage of political parties a day after suspending their activities, marking the latest crackdown on dissent in the West African nation.
