Several prominent organizations, including the US Department of Veterans Affairs and a branch of the US State Department, have recently confirmed that they were affected by Microsoft cybersecurity breach attributed to Russian state-sponsored hackers.
Microsoft Cybersecurity Breach's Impact on US Government, State Department Arm
In an emailed statement, a spokesperson for the US Agency for Global Media, which operates in countries with restricted press, revealed that Microsoft had notified them "a couple months ago" about a potential data breach.
According to a spokesperson, there was no compromise of any security or personally identifiable sensitive data.
A spokesperson from the State Department acknowledged that Microsoft is making efforts to communicate with various agencies, whether they have been impacted or not, with a commitment to openness and transparenc, Bloomberg reported.
In January, Microsoft revealed that a Russian hacking group, known as Midnight Blizzard, had gained unauthorized access to corporate email accounts. Microsoft also issued a warning, stating that the hackers were attempting to exploit confidential information shared between the company and its customers. The company has chosen not to disclose the customers who were affected.
Furthermore, officials for the Department of Veterans Affairs stated that they were informed in March about the impact of the Microsoft breach on their agency.
According to officials, the hackers managed to gain access to a test environment in the VA's Microsoft Cloud account using a single set of stolen credentials found in the emails they accessed. The intrusion, although brief, lasted for one second.
Read also: Elon Musk Issues Stark Warning to Bill Gates: Tesla's AI Ambitions Spell Doom for Doubters
Midnight Blizzard Intrusion
Midnight Blizzard was attempting to verify the validity of the credentials, possibly with the ultimate goal of infiltrating the VA's network.
After being alerted to the breach, the agency promptly updated their login information and credentials across their Microsoft environments. According to officials, the VA has concluded that no additional credentials or sensitive email were taken after a thorough examination of the accessed emails by the hackers.
In April, US federal agencies were directed to thoroughly examine emails, reset compromised passwords, and take necessary measures to enhance the security of Microsoft cloud accounts due to concerns that unauthorized access may have occurred.
According to Fortune, Microsoft has been informing certain customers in recent months that their emails with the tech giant were compromised by unauthorized individuals.
The Midnight Blizzard breach was just one of many security failures at the Redmond, Washington-based technology company, which has faced severe criticism from the US government.
During a recent Congressional hearing, Brad Smith, the President of Microsoft, openly admitted to the company's security failures and expressed a strong commitment to enhancing their operations.
Join the Conversation