(Bloomberg) — The U.S. Department of Veterans Affairs and an arm of the U.S. State Department are among a growing list of Microsoft Corp. customers. who acknowledged they were impacted by a tech giant breach attributed to Russian state-sponsored companies. hackers.
Bloomberg’s Most Read
The US Agency for Global Media, part of the State Department that provides news and information in countries where the press is restricted, was notified “a few months ago” by Microsoft that some of its data may have been stolen, a spokesperson said. voice in a statement. statement sent by email. No security or sensitive personally identifiable data was compromised, the spokesperson said.
The agency is working closely with the Department of Homeland Security on the incident, the spokesperson said, declining to answer additional questions. A State Department spokesperson said: “We are aware that Microsoft is reaching out to agencies, both affected and unaffected, in the spirit of transparency.”
Microsoft disclosed in January that a Russian hacker group called Midnight Blizzard had accessed corporate email accounts and later warned that it was trying to use secrets shared between the tech giant and its customers. The company declined to identify the affected customers.
“As our investigation continues, we have reached out to customers to notify them if they have corresponded with a Microsoft corporate email account that has been accessed,” a Microsoft spokesperson said Wednesday. “We will continue to coordinate, support and assist our customers in taking mitigation measures.”
Additionally, the Department of Veterans Affairs was notified in March that it was affected by the Microsoft breach, agency officials said.
Hackers used a single set of stolen credentials — found in emails they accessed — to break into a test environment on the VA’s Microsoft Cloud account around January, authorities said, adding that the intrusion lasted one second. Midnight Blizzard likely intended to verify that the credentials were valid, likely with the greater intent of breaching the VA’s network, authorities said.
The agency changed the exposed credentials, along with login details to its Microsoft environments, as soon as it was notified of the intrusion, they said. After reviewing the emails accessed by the hackers, the VA determined that no additional credentials or confidential emails were obtained, officials said.
Terrence Hayes, press secretary for the VA, said an investigation continues to determine any additional impacts.
The Peace Corps was also contacted by Microsoft and notified about the Midnight Blizzard breach, according to a statement from its press office. “Based on this notification, the Peace Corps technical team was able to mitigate the vulnerability,” according to the agency. The Peace Corps declined further comment.
Bloomberg News asked other federal agencies for comment, and none of the others revealed that they were affected by the Midnight Blizzard attack on Microsoft. Bloomberg previously reported that more than a dozen Texas state agencies and public universities were exposed by the Russian hack.
Midnight Blizzard, also known in cybersecurity circles as “Cozy Bear” and “APT29,” is part of Russia’s foreign intelligence service, according to U.S. and U.K. officials.
In April, US federal agencies were forced to analyze emails, reset compromised passwords and work to secure Microsoft cloud accounts, amid fears that Midnight Blizzard may have accessed the correspondence. Microsoft has been notifying some customers in the months since that their emails with the tech giant have been accessed by Russian hackers.
The Midnight Blizzard breach was one of a series of damaging and high-profile security breaches at the Redmond, Washington-based technology company that drew strong condemnation from the US government. Microsoft President Brad Smith appeared before Congress last month, where he acknowledged security flaws and promised to improve the company’s operations.
(Updates without additional comment from Peace Corps in 10th paragraph.)
Bloomberg Businessweek Most Read
©2024 Bloomberg LP
/cdn.vox-cdn.com/uploads/chorus_asset/file/23318432/akrales_220309_4977_0079.jpg?w=300&resize=300,300&ssl=1)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25515303/proton_docs_blog_2_collaboration_2x.png?w=300&resize=300,300&ssl=1)
