Russian Hackers Use Microsoft Email Access To Steal Official Correspondence | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

JAKARTA – The United States Cybersecurity and Infrastructure Agency (CISA) stated that hackers backed by the Russian government have used their access to Microsoft’s email system to steal a correspondence between officials and tech giants. This was demonstrated in an emergency order released by the US watchdog agency on Thursday 11 April.

In the directive dated April 2, the agency warned that hackers were leveraging details of authentication shared via email to try to get into Microsoft’s customer systems, including those from an unnamed number of government agencies.

A warning that government agencies were targeted for using stolen Microsoft emails according to the company’s announcement last March that they were still battling hackers, which they nicknamed “Midnight Blizzard.”

The revelation, which caused alarms to sound across the cybersecurity industry, was followed last week by a report from the United States Cyber Security Review Council saying separate attacks – thought to have originated in China – could have been prevented, as well as blamed the company for cybersecurity negligence and a lack of intentional transparency.

CISA declined to mention which institutions might be affected. Microsoft said in an email that it was “working with our customers to help them investigate and reduce its impact. This includes working with CISA on emergency orders to provide guidance to government agencies.”

The Russian Embassy in Washington, which has previously denied being the perpetrator behind the hacking campaign, did not immediately reply to messages seeking comment from the media.

CISA warns that hackers may also have targeted non-governmental groups.

“Other organizations may also have been affected by Microsoft’s corporate email spending,” said CISA, prompting customers to contact Microsoft for more details.



Click Here For The Original Story From This Source.


National Cyber Security