Your web browser is no longer supported. To improve your experience update it here

Russian hackers steal US government emails from Microsoft

Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft via a breach of the software giant's systems, US officials have confirmed this morning.
Microsoft has notified "several" US federal agencies that the hackers may have stolen emails that Microsoft sent to those agencies that included login information such as usernames, or passwords, Eric Goldstein, a senior official at the US Cybersecurity and Infrastructure Security Agency (CISA), told reporters.
"At this time, we are not aware of any agency production environments that have experienced a compromise as a result of a credential exposure," Goldstein said.
Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft via a breach of the software giant's systems, US officials confirmed. (NICOLAS ASFOURI/AFP/AFP via Getty)
In other words, a CISA official told CNN, there is no evidence yet that the hackers had used the stolen credentials to successfully break into federal computer systems that are actively in use.
But the breach of Microsoft emails is still forcing the tech giant and US cyber officials to scramble to ensure there is no further damage at the hands of the alleged Russian operatives.
CISA on Thursday publicly released an "emergency directive" that orders civilian agencies potentially affected by the hacking campaign to shore up their defenses. CISA described the potential exposure of agency login credentials as an "unacceptable risk to agencies."
CNN has requested comment from the Russian Embassy in Washington, DC.
The hackers in question are an infamous cyber-espionage group that US officials have previously tied to Russia's foreign intelligence service.
It's the latest twist in a hacking incident that Microsoft first revealed in January but has only grown more serious as new details emerge. In March, Microsoft revealed that the hackers accessed some of Microsoft's core software systems and were using that information for follow-on attacks on Microsoft customers.
Days after Microsoft disclosed the breach in January, another Big Tech company, Hewlett Packard Enterprise, said the same hackers had breached its cloud-based email systems. The full extent and exact purpose of the hacking activity isn't clear, but experts say the group responsible has a history of wide-ranging intelligence gathering campaigns in support of the Kremlin.
Microsoft notified several US government agencies about the hack. (AP)
The same Russian group was behind the infamous breach of several US agency email systems using software made by US contractor SolarWinds, which was revealed in 2020.
The hackers had access for months to the unclassified email accounts at the departments of Homeland Security and Justice, among other agencies, before the spying operation was discovered.
Russia denied involvement in the activity.
"As we shared in our March 8 blog, as we discover secrets in our exfiltrated email, we are working with our customers to help them investigate and mitigate," a Microsoft spokesperson said in a statement to CNN.
Members of the public stand in the queue near Tower Bridge, as they wait in line to pay their respects to the late Queen Elizabeth II, in London on September 16, 2022, who is lying-in-state at Westminster Abbey. - Queen Elizabeth II will lie in state until 0530 GMT on September 19, a few hours before her funeral, with huge queues expected to file past her coffin to pay their respects. (Photo by Marco BERTORELLO / AFP) (Photo by MARCO BERTORELLO/AFP via Getty Images)
Bizarre places becoming a hotbed of cybercriminals
"This includes working with CISA on an emergency directive to provide guidance to government agencies."
It's the latest foreign hacking campaign to target US government agencies through Microsoft software.
Microsoft committed a "cascade" of "avoidable errors" that allowed Chinese hackers to breach the tech giant's network and later the email accounts of senior US officials last year, including the secretary of commerce, according to a US government-backed review of the incident released this month.
FOLLOW US ON WHATSAPP HERE: Stay across all the latest in breaking news, celebrity and sport via our WhatsApp channel. No comments, no algorithm and nobody can see your private details.
CONTACT US

Send your stories to contact@9news.com.au

Property News: This place is unfit for humans and sold for almost $900,000.