Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft via a breach of the software giant’s systems, US officials confirmed on Thursday. Microsoft has notified “several” US federal agencies that the hackers may have stolen emails that Microsoft sent to those agencies that included login information such as usernames or passwords. Eric Goldstein, a senior official at the US Cybersecurity and Infrastructure Security Agency (CISA), told reporters.
Goldstein mentioned that there is no evidence yet that the hackers had used the stolen credentials to successfully break into federal computer systems that are actively in use. However, the breach of Microsoft emails has prompted the tech giant and US cyber officials to take immediate action to prevent further damage at the hands of the alleged Russian operatives.
CISA has issued an “emergency directive” to civilian agencies potentially affected by the hacking campaign, instructing them to enhance their cybersecurity defenses. The exposure of agency login credentials is deemed an “unacceptable risk” by CISA.
The hackers responsible for the breach are a well-known cyber-espionage group that US officials have linked to Russia’s foreign intelligence service. This incident is part of a larger hacking campaign that Microsoft first disclosed in January and has since escalated in severity.
In March, Microsoft revealed that the hackers had accessed core software systems, using the information for subsequent attacks on Microsoft customers. Hewlett Packard Enterprise also reported a breach of its cloud-based email systems by the same hackers shortly after Microsoft's disclosure.
The exact motives behind the hacking activity remain unclear, but experts believe the group has a history of conducting intelligence gathering operations in support of the Kremlin. This same Russian group was responsible for the SolarWinds breach in 2020, which targeted several US agency email systems.
Microsoft is actively working with affected customers to investigate and mitigate the breach. The company is collaborating with CISA on an emergency directive to provide guidance to government agencies on addressing the security implications of the incident.
This latest foreign hacking campaign targeting US government agencies through Microsoft software follows a previous incident where Chinese hackers breached Microsoft's network and accessed the email accounts of senior US officials, as revealed in a recent government-backed review.
