CISA orders agencies impacted by Microsoft hack to mitigate risks
CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group.
CISA says Russian Foreign Intelligence Service operatives now use information stolen from Microsoft's corporate email systems, including the authentication details shared between Microsoft and its customers by email, to gain access to certain customer systems.
Microsoft and the U.S. cybersecurity agency have already notified all federal agencies whose email correspondence with Microsoft was found to have been exfiltrated by the Russian hackers.
"This Emergency Directive requires immediate action by agencies to reduce risk to our federal systems. For several years, the U.S. government has documented malicious cyber activity as a standard part of the Russian playbook; this latest compromise of Microsoft adds to their long list," said CISA Director Jen Easterly on Thursday.
CISA has ordered affected agencies to identify the full content of the agency correspondence with compromised Microsoft accounts and perform a cybersecurity impact analysis by April 30, 2024.
Even though the requirements of ED 24-02 apply exclusively to Federal Civilian Executive Branch (FCEB) agencies, the exfiltration of data from Microsoft corporate accounts may impact other organizations, which are urged to seek guidance from their respective Microsoft account teams.