US cyber agency says Russian hackers used Microsoft access to steal government emails

The United States Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on April 2, 2023, advising that Russian government-backed hackers had gained unauthorized access to the email systems of Microsoft (MSFT) through the use of stolen authentication credentials. The hackers were reportedly able to infiltrate the email accounts of officials within an unspecified number of government agencies using this method.

According to the emergency directive released by CISA, the hacking group, believed to be associated with the Russian government, had been exploiting the shared credentials to attempt intrusions into Microsoft's customer systems. The directive emphasized the need for immediate action by affected organizations to secure their email environments against potential attacks.

Microsoft confirmed the issue in a statement, acknowledging that the company was aware of the targeted attacks against its customers using stolen credentials. The tech giant advised its clients to enable multi-factor authentication (MFA) for all user accounts as an additional security measure to protect against such unauthorized access attempts.

CISA recommended that organizations take several steps to mitigate the risk of falling victim to these attacks, including implementing MFA, applying software patches promptly, and monitoring their networks for suspicious activity. The agency also advised organizations to review their email logs for any signs of unauthorized access or unusual activity.

This incident marks the latest in a series of high-profile cyberattacks targeting government agencies and critical infrastructure in the United States. The use of stolen credentials to gain access to email systems is a common tactic employed by advanced persistent threat (APT) groups, making it essential for organizations to prioritize the security of their email environments and user accounts.

Microsoft has been working closely with CISA and other cybersecurity organizations to help protect its customers from these attacks. The company has also been providing guidance on best practices for securing email systems against targeted attacks.

In summary, the U.S. Cybersecurity and Infrastructure Security Agency issued a warning on April 2, 2023, advising that Russian government-backed hackers had gained unauthorized access to the email systems of an unspecified number of government agencies using stolen authentication credentials from Microsoft's email platform. The hackers were attempting to exploit these credentials to gain access to other customer systems as well. CISA recommended that organizations take several steps to secure their email environments against these attacks, including enabling multi-factor authentication, applying software patches promptly, and monitoring networks for suspicious activity. Microsoft has been working with CISA and other organizations to help protect its customers from these attacks and has provided guidance on best practices for securing email systems.