Russian state-backed hackers have gained access to email correspondence between US government agencies and Microsoft through a breach of the software giant’s systems. US officials have confirmed this breach, with Microsoft notifying several federal agencies that emails containing login information, such as usernames and passwords, may have been stolen. Despite this, there is currently no evidence that the hackers have used this information to compromise active federal computer systems.
The breach of Microsoft emails has prompted the tech giant and US cyber officials to take action to prevent further damage by the alleged Russian operatives. CISA has released an emergency directive instructing potentially affected civilian agencies to strengthen their defenses, labeling the exposure of agency login credentials as an “unacceptable risk.” The hackers in question are linked to Russia’s foreign intelligence service, and their activities are causing significant concern among US officials.
This incident is the latest development in a hacking campaign that Microsoft first disclosed in January, but which has since escalated as more details come to light. In March, Microsoft revealed that the hackers had accessed its core software systems, using the information for subsequent attacks on Microsoft customers. Similarly, Hewlett Packard Enterprise reported that the hackers had breached its cloud-based email systems following Microsoft’s initial disclosure. The precise motive and extent of the hackers’ activities remain unclear, but experts note that the group has a history of conducting intelligence-gathering campaigns in support of the Kremlin.
The same Russian group was responsible for the well-known breach of several US agency email systems using software from US contractor SolarWinds, an operation that was uncovered in 2020. The hackers had accessed unclassified email accounts at the Department of Homeland Security, the Department of Justice, and other agencies for months before being detected. Despite the evidence linking the hackers to Russia, the country has denied any involvement in these activities. Microsoft has stated that it is working with customers to investigate and mitigate the breach, collaborating with CISA on an emergency directive to guide government agencies in responding to the incident.
This is just the latest in a series of foreign hacking campaigns targeting US government agencies utilizing Microsoft software. A recent review commissioned by the US government found that Microsoft had made “avoidable errors” that allowed Chinese hackers to breach its network and access the email accounts of senior US officials, including the secretary of commerce, in the past year. The ongoing threat of cyber-attacks underscores the need for heightened cybersecurity measures and increased cooperation between tech companies, government agencies, and cybersecurity experts to protect critical infrastructure and sensitive information from malicious actors.
