The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that Russian government-backed hackers have leveraged their access to Microsoft's email system to pilfer correspondence between officials and the tech giant.
This revelation comes via an emergency directive released by CISA on Thursday, highlighting the severity of the cybersecurity breach. The directive, dated 2 April, warned that hackers have been capitalising on authentication details shared via email to infiltrate Microsoft's customer systems, including those of an unspecified number of government agencies.
The disclosure raises alarms across the cybersecurity landscape, especially in light of Microsoft's recent announcement in March regarding ongoing struggles with these intruders, referred to as "Midnight Blizzard."
The US Cyber Safety Review Board's report from last week attributed a separate hack, attributed to China, as preventable. The report criticised Microsoft for cybersecurity lapses and a perceived lack of transparency. These successive cyber threats underscore the urgent need for enhanced security measures and transparent communication in the face of evolving digital risks.
CISA has refrained from naming specific agencies that may have fallen victim to the hacking campaign. Meanwhile, Microsoft has assured that it is collaborating closely with affected customers to investigate and mitigate the breaches. The gravity of the situation prompts a call for heightened cybersecurity measures across all sectors.
CISA has cautioned that the scope of the cyberattack may extend beyond government entities, with non-governmental organisations potentially impacted as well.