Cyberthreat response
CISA Issues Emergency Directive Following Microsoft Breach
The Cybersecurity and Infrastructure Security Agency has issued an emergency directive to address a Russian hacking campaign that targeted federal civilian agencies’ email communication with Microsoft.
The directive requires agencies to reset compromised credentials by April 30 and identify affected email correspondence by the same deadline. Affected agencies are also instructed to report their response activities to CISA by May 1, CyberScoop reported.
While no agency compromises have been publicly reported after the credential exposure, CISA is working closely with the FBI to investigate the incident, which was attributed to Russian intelligence-linked group Midnight Blizzard, also known as Cozy Bear or APT29.
Eric Goldstein, CISA’s executive assistant director for cybersecurity, acknowledged the security risks associated with sharing authentication credentials via email and said that Microsoft has an “ongoing” analysis to identify affected credentials.
Meanwhile, CISA Director Jen Easterly, a 2024 Wash100 awardee, emphasized the urgent need for action to safeguard federal systems, highlighting longstanding Russian cyberthreats. She stressed the importance of collaboration between government agencies and the private sector for enhanced cyberthreat mitigation.
While the directive only applies to federal agencies, the private sector is expected to follow CISA’s recommendations to improve its cybersecurity posture.