Midnight Blizzard Hackers Storm Microsoft, Compromise U.S. Agency Emails

April 12, 2024
Midnight Blizzard Hackers Storm Microsoft, Compromise U.S. Agency Emails
  • Russian state-sponsored hackers, named Midnight Blizzard, breached Microsoft's corporate email accounts, compromising communications with U.S. federal agencies.

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive to handle the breach and secure the affected credentials.

  • The hackers, associated with Russian intelligence, escalated their attack efforts in February and gained access to Microsoft's source code and internal systems.

  • Microsoft is actively notifying customers whose confidential information was exposed in the stolen emails to help them take protective actions.

  • The initial breach method was a password spray attack on a test account lacking multifactor authentication.

  • The same hacking group also infiltrated Hewlett Packard Enterprise's cloud-based email service.

  • Senator Ron Wyden criticized Microsoft's cybersecurity measures and called for accountability in the wake of the breaches.

  • The threat from the Midnight Blizzard group remains ongoing, with continued efforts to address and mitigate the consequences of their cyber intrusions.

Summary based on 1 source


Get a daily email with more Tech stories

Source

More Stories