Russian government-backed hackers exploited their access to Microsoft's email system to pilfer communications between officials and the tech giant, a US agency has said.
In a directive dated April 2, the US Cybersecurity and Infrastructure Security Agency (CISA) cautioned that hackers were utilising email-shared authentication details to access Microsoft's customer systems, including those of unspecified government agencies.
The warning comes after the company's acknowledgment in March that it was still contending with the intruders, referred to as "Midnight Blizzard."
Following that revelation, a report from the US Cyber Safety Review Board had last week blamed China for a preventable hack, criticising Microsoft for cybersecurity failures and a lack of transparency, reported Reuters.
CISA refrained from disclosing the agencies possibly impacted, however, it cautioned that the hackers may have targeted non-governmental groups too.
"Other organizations may also have been impacted by the exfiltration of Microsoft corporate email," CISA said, asking customers to contact Microsoft for further details.
Microsoft in an email said it was assisting customers in investigating and mitigating the situation, collaborating with CISA on an emergency directive for government agencies.
Comments