U.S. cybersecurity agency CISA has confirmed that Russian government-backed hackers stole emails from several U.S. federal agencies as a result of an ongoing cyberattack at Microsoft.
“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” said CISA.
CISA made details of the emergency directive public on Thursday after giving affected federal agencies a week to reset passwords and secure affected systems.
CISA did not name the affected federal agencies that had emails stolen, and a spokesperson for CISA did not immediately comment when reached by TechCrunch.
The emergency directive comes as Microsoft faces increasing scrutiny of its security practices after a spate of intrusions by hackers of adversarial nations.
On Friday, Microsoft said Russian government hackers continue to break into its systems using information obtained during a hack last year.
This time, the Russian hackers dubbed Midnight Blizzard have targeted Microsoft’s source code and other internal systems, the company said.
This has included access to some of the company’s source code repositories and internal systems,” Microsoft wrote in a blog post.
This new intrusion comes after Microsoft revealed in January that Russian government hackers had broken into the company’s systems last November.
Midnight Blizzard is believed to be a hacking group working for Russia’s Foreign Intelligence Service, known by its Russian initials, SVR.
On Friday, Microsoft revealed that it had been the victim of a hack carried out by Russian government spies.
In a new blog post, Microsoft said that “the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations.”At this point, it’s unclear how many organizations the Russian-backed hackers targeted.
Microsoft, however, said that the hackers specifically targeted the company’s senior executives, as well as people who work in cybersecurity, legal, and other departments.
The hackers were able to steal “some emails and attached documents.”Curiously, the hackers were interested in finding out information about themselves, specifically what Microsoft knows about them, the company said.
On Thursday, Hewlett Packard Enterprise (HPE) disclosed that its Microsoft-hosted email system was hacked by Midnight Blizzard.
Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.
“The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.
Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.
“The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.
Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.
“The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.
Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.
“The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.
The U.S. government sanctioned a Russian national for allegedly playing a “pivotal role” in the ransomware attack against Australian health insurance giant Medibank that exposed the sensitive information of almost 10 million patients.
The breach is believed to have impacted several high-profile Medibank customers, including senior Australian government lawmakers.
The U.S. Treasury Department sanctioned Ermakov shortly after the Australian government imposed first-of-its-kind sanctions against the Russian national.
According to the U.S. Treasury, REvil ransomware has been deployed on approximately 175,000 computers worldwide, garnering at least $200 million in ransom payments.
The FSB’s surprise operation came just months after the U.S. Department of Justice charged a 22-year-old Ukrainian citizen linked to the REvil ransomware gang due to his alleged role in the Kaseya attack.
Google researchers say they have evidence that a notorious Russian-linked hacking group — tracked as “Cold River” — is evolving its tactics beyond phishing to target victims with data-stealing malware.
Cold River, also known as “Callisto Group” and “Star Blizzard,” is known for conducting long-running espionage campaigns against NATO countries, particularly the United States and the United Kingdom.
Researchers believe the group’s activities, which typically target high-profile individuals and organizations involved in international affairs and defense, suggest close ties to the Russian state.
Google says that on discovery of the Cold River malware campaign, the technology giant added all of the identified websites, domains, and files to its Safe Browsing service to block the campaign from further targeting Google users.
Google researchers previously linked the Cold River group to a hack-and-leak operation that saw a trove of emails and documents stolen and leaked from high-level Brexit proponents, including Sir Richard Dearlove, the former head of the U.K. foreign intelligence service MI6.
This year was no different to last: we saw another round of high-profile busts, arrests, sanctions, and prison time for some of the most prolific cybercriminals in recent years.
Twitter took drastic measures to rid the hackers from its network by temporarily blocking all of the site’s 200-million-plus users from posting.
A New York judge sentenced the 24-year-old hacker to five years in prison, two of which O’Connor already served in pre-trial custody.
Federal prosecutors this year accused a former Amazon employee of hacking into a cryptocurrency exchange and stealing millions worth of customers’ crypto.
Why did a Russian man accused by U.S. prosecutors of ransomware attacks burn his passport?
