The Cybersecurity and Infrastructure Security Agency (CISA) has taken action in response to a targeted cyber campaign by Russian state-sponsored actors, dubbed Midnight Blizzard, aimed at infiltrating Microsoft corporate email accounts.
The campaign has raised concerns about potential access to correspondence with Federal Civilian Executive Branch (FCEB) agencies, prompting CISA to issue Emergency Directive 24-02.
Mandated Response: Analysis and Reinforcement
Issued publicly, Emergency Directive 24-02 was initially circulated to federal agencies on April 2, driven by the urgency of the cyber threat and the limited scope of relevant actions available.
The Directive requires agencies to conduct a thorough analysis of potentially affected emails, reset any compromised credentials, and reinforce security measures for privileged Microsoft Azure accounts.
Midnight Blizzard leverages information extracted from Microsoft corporate email systems, including authentication details shared via email between Microsoft customers and the company, to facilitate unauthorized access attempts on certain Microsoft customer systems.
Both Microsoft and CISA have notified federal agencies whose email correspondence was identified as compromised by Midnight Blizzard.
CISA Director Jen Easterly emphasized the critical nature of this Emergency Directive, stating, “As America’s cyber defense agency and the operational lead for federal civilian cybersecurity, ensuring that federal civilian agencies are taking all necessary steps to secure their networks and systems is among our top priorities.”
She further highlighted the persistent threat posed by the Russian cyber campaign, stressing the need for collaborative efforts to safeguard against such intrusions.
Russian Cyber Campaign: Agency Support and Monitoring
With the implementation of Emergency Directive 24-02, CISA will monitor and support agency compliance while providing additional resources as needed. The agency remains steadfast in leveraging its cybersecurity authorities to enhance visibility and drive timely risk mitigation across federal civilian agencies.
Although the immediate focus of the directive is on FCEB agencies, CISA urges other organizations potentially impacted by the exfiltration of Microsoft corporate accounts to engage with their Microsoft account teams for guidance.
Furthermore, all organizations are strongly advised to adopt robust security measures, including the use of strong passwords, multifactor authentication (MFA), and the avoidance of sharing sensitive information via unsecured channels.
The issuance of Emergency Directive 24-02 underscores the ongoing and evolving threat landscape faced by both government and private sector entities.
It serves as a reminder of the critical importance of proactive cybersecurity measures and collaborative efforts to defend against sophisticated cyber adversaries. CISA remains vigilant in its commitment to safeguarding the nation’s critical infrastructure and digital assets from malicious actors.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.