Microsoft’s Midnight Blizzard breach also impacted federal agencies

In March, Microsoft notified the US Department of Veterans Affairs that it was affected by the security breach that allowed the Russian hacker group known as “Midnight Blizzard” to steal part of the company’s source code, reports. Bloomberg. Already blamed for the previous attack on SolarWinds, the group was accused of spying on the email accounts of Microsoft’s senior leadership team and trying to use the secrets obtained there to create additional security breaches.

The VA department discovered that Midnight Blizzard used a single set of stolen credentials to access a Microsoft Cloud test environment around January. VA officials said Bloomberg that the account was accessed for just a second, probably to see if the credentials worked – they have already been updated.

According to Bloomberg, Microsoft also informed the US Agency for Global Media that some of its data may have been stolen. Security data and sensitive personally identifiable information maintained by the agency are not believed to have been compromised. The Peace Corps was also notified of the Midnight Blizzard breach, but said Bloomberg which was able to “mitigate vulnerability”. Microsoft did not disclose which customers were affected by the attack.

“As our investigation continues, we have reached out to customers to notify them if they have corresponded with a Microsoft corporate email account that has been accessed,” said Microsoft spokesman Jeff Jones. On the edge. “We will continue to coordinate, support and assist our customers in taking mitigation measures.”

Microsoft had already announced that it was revamping its cybersecurity efforts last year, before the Midnight Blizzard attack, following a “cascade of security breaches.” More recently, the software giant said it was making security its “top priority” as it tries to rebuild the trust it has already lost.