CISA issues warning over 'Midnight Blizzard' Microsoft attack

CISA has posted a new directive for US government agencies regarding targeted attacks by the Midnight Blizzard hacking team that also hit Microsoft.

The US government's cybersecurity watchdog has issued a new warning over the attacks that saw Microsoft employee emails breached.

The US Cybersecurity and Infrastructure Security Agency (CISA) said it has issued an emergency directive to government agencies to protect against the attack by APT crew Midnight Blizzard.

While CISA had originally warned its agencies about the attack in early April, Thursday's update calls for new measures to be taken in order to identify accounts that could have been compromised by the attackers.

"The Directive was initially issued to federal agencies on April 2nd based upon currently available threat information and limited applicability of relevant actions, which are predicated on notification of exposed credentials by Microsoft," CISA explained.

"This Directive requires agencies to analyze potentially affected emails, reset any compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts."

The attack, which was believed to have occurred in January, saw a number of Microsoft corporate accounts compromised. The threat actors were also believed to have accessed some of Microsoft's source code.

While the software giant initially played down the attack as very limited in impact, it would later come forward and admit that the threat actors were able to get far deeper into its network than it first thought.

From the start, the attack was attributed to hackers either employed by or otherwise backed by the Russian government, something CISA Director Jen Easterly reiterated in announcing her agency's latest emergency directive.

"As America’s cyber defense agency and the operational lead for federal civilian cybersecurity, ensuring that federal civilian agencies are taking all necessary steps to secure their networks and systems is among our top priorities. This Emergency Directive requires immediate action by agencies to reduce risk to our federal systems," said Easterly.

"For several years, the US government has documented malicious cyber activity as a standard part of the Russian playbook; this latest compromise of Microsoft adds to their long list."