Alleged Russian hackers stole email conversations between Microsoft and U.S. federal agencies
By richardbrown // 2024-04-19
 
United States officials have confirmed that Russian hackers successfully gained access to and pilfered government emails exchanged between Microsoft and federal agencies. Eric Goldstein, a senior official at the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), informed reporters that Microsoft had alerted several federal agencies about the potential breach, indicating that the hackers may have obtained login credentials and passwords. (Related: Will hackers cripple America with a cyberattack? Expert says it might happen in 2024.) Goldstein emphasized that there have been no reported compromises of agency production environments resulting from the credential exposure. Furthermore, a CISA official informed media outlets that there is no current evidence to suggest that the hackers managed to utilize stolen credentials to breach government computer systems. In response to the security threat, CISA issued an "emergency directive" earlier in the week, advising civilian agencies potentially affected by the breach to enhance their security measures. According to Microsoft, a Russian state-sponsored hacking group that previously stole sensitive data from Microsoft executives is now attempting to exploit that information to infiltrate the company's source code and other internal systems. This revelation indicates that the hacking campaign, initially identified by Microsoft in January, had more extensive unauthorized access than initially believed. Microsoft described the hackers' ongoing attack as marked by a sustained, significant commitment of resources, coordination, and focus, warning of the possibility of further unauthorized access. In February, the hackers intensified their efforts by increasing tenfold the volume of attempted password spray attacks, a technique aimed at breaching high-value accounts by trying multiple passwords on specific usernames. Additionally, the group is reportedly attempting to exploit secrets shared between Microsoft and its customers through email. Microsoft clarified, however, that there is no evidence to suggest a compromise of its customer-facing systems hosted by the company. Referred to as "Midnight Blizzard" by Microsoft, the suspected Russian hackers are also known as Cozy Bear and APT29 by industry experts. In February, the U.S., the United Kingdom and other Western allies issued warnings regarding this group, alleging that it has ties to and the backing of the Russian Foreign Intelligence Service. These warnings highlighted the group's efforts to access cloud environments, targeting various sectors such as aviation, education, law enforcement, government financial departments and military organizations. This group was previously implicated in the 2021 cyberattack on SolarWinds Corp., where malicious code inserted into a software update facilitated further access to customers. This attack affected approximately 100 companies and nine federal agencies.

Microsoft still battling to keep hackers out of its servers

Meanwhile, Microsoft disclosed last month that it continues to grapple with elite Russian government hackers who infiltrated the email accounts of senior company executives in November. While the extent of the accessed source code and the capabilities gained by the hackers remain undisclosed, Microsoft revealed that the hackers stole cryptographic secrets, such as passwords, certificates, and authentication keys, from email communications between the company and its customers. The company is now actively reaching out to affected customers to assist in implementing mitigating measures. Microsoft emphasized that the hackers' ongoing attack displays a sustained commitment of resources, potentially utilizing obtained data to identify vulnerable areas for future attacks. This persistence underscores the unprecedented global threat landscape, especially concerning sophisticated nation-state attacks. The disclosure comes amidst increased scrutiny of Microsoft's security practices and transparency regarding vulnerabilities and breaches. Some cybersecurity experts express frustration over what they perceive as Microsoft's secrecy and misleading statements regarding security incidents. Watch this clip showing how alleged Russian hackers were able to get over 30,000 electric vehicles in Lithuania to stop working. This video is from the Cynthia's Pursuit of Truth channel on Brighteon.com.

More related stories:

Ukrainian intelligence claims Russian hackers are targeting Elon Musk’s Starlink network. FOREIGN HACKERS target water infrastructure in Pennsylvania, prompting calls for increased cybersecurity. Chinese hackers exploit Microsoft cloud bug to raid US government email accounts, including the Commerce Secretary’s. Sources include: JustTheNews.com Bloomberg.com APNews.com Brighteon.com