The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive (ED 24-02) on Thursday urging federal agencies to look for intrusions following a recent breach of Microsoft systems that resulted in the theft of email communications. signs and develop preventive measures with the company.
The attacks that came to light earlier this year were attributed to the Russian nation-state group Midnight Blizzard (also known as APT29 or Cozy Bear). Last month, Microsoft revealed that an adversary had successfully gained access to part of its source code repository, but noted that there was no evidence that customer-facing systems had been compromised.
The emergency directive was initially issued privately to federal agencies on April 2 and was first reported by CyberScoop two days later.
“Threat actors are leveraging information originally leaked from corporate email systems, including Microsoft customers and authentication details shared by Microsoft via email, to gain or attempt to gain additional access to Microsoft customer systems,” CISA said.
The agency said the theft of email communications between government entities and Microsoft poses a serious risk, urging parties to analyze the contents of the leaked emails, reset compromised credentials and take additional steps to secure privileged Microsoft Azure accounts The security of authentication tools.
It’s unclear how many federal agency email exchanges were compromised following the incident, but CISA said all agencies have been notified.
The agency also urges affected entities to perform a cybersecurity impact analysis by April 30, 2024, and to provide a status update by 11:59 p.m. on May 1, 2024. Other organizations affected by this vulnerability are advised to contact their respective Microsoft Accounts teams with any additional questions or follow-up.
“Regardless of the direct impact, all organizations are strongly encouraged to adopt rigorous security measures, including strong passwords, multi-factor authentication (MFA), and prohibiting the sharing of unprotected sensitive information through unsecured channels,” CISA said.
The development comes as CISA releases a new version of its malware analysis system called Malware Next-Gen, which allows organizations to submit malware samples (anonymous or otherwise) and other suspicious artifacts for analysis.
