The Cybersecurity and Infrastructure Security Agency reported Thursday that Russian government-backed hackers have exploited Microsoft’s email systems to steal correspondence from multiple U.S. government agencies.
The agency issued an emergency directive on April 2, warning that hackers were using stolen authentication details to access Microsoft customer systems.
This advisory follows Microsoft’s March announcement that it was contending with intrusions by a group it has dubbed “Midnight Blizzard.”
According to a recent U.S. Cyber Safety Review Board report, a separate and preventable hack attributed to China exposed cybersecurity weaknesses and criticized Microsoft for a lack of transparency.
The Cybersecurity and Infrastructure Security Agency declined to specify which agencies had been compromised. Microsoft is collaborating closely with affected customers and the agency to mitigate the impact, which includes issuing guidance under the emergency directive.
The Russian Embassy in Washington, previously accused of sponsoring such cyberattacks, has not responded to requests for comment.
The agency also cautioned that non-governmental organizations might have been affected. “Other entities may also have been impacted by the exfiltration of Microsoft corporate email,” the agency stated, urging those potentially affected to consult with Microsoft for more details.