The US cybersecurity watchdog said on Thursday (11 April) that Russian Government-backed hackers have used Microsoft’s email system to steal communication between the company and government officials.

The US Cybersecurity and Infrastructure Security Agency said that hackers were breaking into Microsoft’s customer systems by exploiting authentication details shared by email.

According to the watchdog, an unspecified number of government agencies have had their correspondence compromised by the hackers.

The warning follows Microsoft’s announcement in March that it was working to combat the Russian hackers, which it named “Midnight Blizzard”.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorised access,” Microsoft said in a blog post in March.

Microsoft said it was “working with our customers to help them investigate and mitigate”.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“This includes working with CISA on an emergency directive to provide guidance to government agencies,” a spokesperson added. 

The hackers involved are an infamous cyber-espionage group that has previously been linked to Russia.

Several days after Microsoft disclosed the first hack, Hewlett Packard Enterprise said the same hacking group had breached its cloud-based email network.

The same hacking group carried out the breach of US agency emails in 2020. Hackers had access to unclassified email accounts from US intelligence agencies for months before the breach was discovered.

Russia has denied responsibility for the hacks.