US Veterans Affairs, State Department Impacted by Microsoft Breach

It has recently come to light that the US Department of Veterans Affairs and an extension of the US State Department, the US Agency for Global Media, have been compromised in a data breach associated with tech powerhouse Microsoft Corp. Russian state-sponsored hackers, known as Midnight Blizzard, were identified as the culprits behind the breach.

Officials from the US Agency for Global Media, an organization that provides news and information in regions where press freedom is limited, reported that they were alerted by Microsoft a few months ago about the potential theft of their data. However, they gave assurances that no security or personally identifiable sensitive data was compromised in the breach.

In the wake of the incident, the agency has been working with the Department of Homeland Security. A State Department spokesperson shared that Microsoft has been transparent in reaching out to both impacted and unaffected agencies.

Back in January, Microsoft publicly acknowledged the breach by Midnight Blizzard, who had gained access to corporate email accounts. The tech giant later warned that the hacking group was attempting to leverage confidential information shared between Microsoft and its customers. It has, however, refrained from revealing specifics about the impacted customers.

Midnight Blizzard’s Strategy

The hacking group, Midnight Blizzard, used a single set of stolen credentials found in the emails they accessed to infiltrate a test environment in the VA’s Microsoft Cloud account in January. The intrusion lasted for merely a second. It is speculated that the hackers were testing the validity of the credentials, possibly with the larger motive of breaching the VA’s network.

Once alerted about the intrusion, the agency swiftly acted by changing the compromised credentials and login details across their Microsoft Cloud environments. After a thorough review of the emails accessed by the hackers, the VA confirmed that no additional credentials or sensitive email was extracted.

Terrence Hayes, the VA’s press secretary, stated that an investigation is currently underway to determine any additional impact.

Other Affected Agencies

  • The Peace Corps was also contacted by Microsoft and notified about the Midnight Blizzard breach. The technical staff of the agency were able to mitigate the vulnerability based on this notification. However, the Peace Corps did not provide any further comment regarding the incident.
  • Bloomberg News reached out to several other federal agencies for comment. However, none of them disclosed whether they were affected by Midnight Blizzard’s attack on Microsoft. A prior report by Bloomberg indicated that more than a dozen Texas state agencies and public universities were compromised by the Russian hack.

Also known as “Cozy Bear” and “APT29” in cybersecurity circles, Midnight Blizzard is believed to be part of Russia’s foreign intelligence service, according to US and UK authorities.

In response to the threat posed by Midnight Blizzard, US federal agencies in April were instructed to analyze emails, reset compromised passwords, and take necessary steps to secure Microsoft cloud accounts. Following this, Microsoft has been notifying some customers that their correspondence with the tech company was accessed by the Russian hackers.

Microsoft has faced severe criticism from the US government due to a series of high-profile and damaging security failures. Microsoft President Brad Smith acknowledged these security lapses in a congressional hearing last month and pledged to enhance the company’s operations.