Microsoft Hack Impacts VA and Global Media Agency, Linked to Russian Hackers

Microsoft breach affects the VA and US Agency for Global Media, linked to Russian hackers.

Monday, July 8, 2024 3:28 PM UTC

Surprise Election Outcome Sparks Political Uncertainty in France
French say ‘non’ to Le Pen’s National Rally - but a messy coalition government looks likely
French election: far-right government blocked as Le Pen’s alliance pushed into third place, says exit poll
Minnie Driver Says Donald Trump Should Be in Prison After Hush Money Conviction
Ex-Barack Obama Advisor Claims President Joe Biden Suffers From 'Denial, Delusion, and Defiance'

The recent Microsoft breach, attributed to Russian state-sponsored hackers, has affected multiple organizations, including the US Department of Veterans Affairs and the US Agency for Global Media. The intrusion, linked to the Midnight Blizzard group, compromised corporate email accounts and data.

US Veterans Affairs and Global Media Agency Affected by Russian Hack on Microsoft

In a recent report by Yahoo Finance, many Microsoft Corp. customers, including the US Department of Veterans Affairs and a US agency that disseminates news internationally, have acknowledged that they were affected by a breach of the technology behemoth attributed to Russian state-sponsored hackers.

Microsoft notified the US Agency for Global Media. This independent federal agency provides news and information in countries where the press is restricted, "a couple of months ago," some of its data may have been stolen, according to a spokesperson in an emailed statement. The spokesperson stated that no personally identifiable sensitive data or security was compromised.

The spokesperson declined to respond to further inquiries, stating that the agency is collaborating closely with the Department of Homeland Security regarding the incident.

In January, Microsoft disclosed that a Russian hacking group known as Midnight Blizzard had accessed corporate email accounts. Following this disclosure, the group warned that it was attempting to exploit the secrets shared between the technology behemoth and its customers. The company has declined to disclose the names of the affected consumers.

“As our investigation continues, we have been reaching out to customers to notify them if they had corresponded with a Microsoft corporate email account that was accessed,” a Microsoft spokesperson said on July 3. “We will continue to coordinate, support, and assist our customers in taking mitigating measures.”

Furthermore, according to agency officials, the Department of Veterans Affairs was informed in March that it was affected by the Microsoft intrusion.

Hackers Breach VA’s Microsoft Cloud, Peace Corps Also Notified of Midnight Blizzard Intrusion

According to the officials, the hackers entered a test environment in the VA's Microsoft Cloud account in January using a single set of stolen credentials that they discovered in the emails they accessed. The intrusion was brief, lasting only one second. The officials stated that Midnight Blizzard likely intended to verify the validity of the credentials with the ultimate goal of penetrating the VA's network.

They stated that the agency promptly updated the compromised credentials and log-in details across their Microsoft environments upon receiving notification of the intrusion. According to the officials, the VA determined that no additional credentials or sensitive emails were taken after reviewing the emails that the hackers accessed.

Terrence Hayes, the press secretary for the VA, stated that an investigation is ongoing to ascertain any additional consequences.

Microsoft also contacted the Peace Corps and informed them of the Midnight Blizzard intrusion, according to a press release from its press office. “The Peace Corps technical staff were able to mitigate the vulnerability as a result of this notification,” the agency stated. The Peace Corps declined to provide additional commentary.

Bloomberg News requested comments from other federal agencies; however, none of them disclosed that they were affected by Midnight Blizzard's attack on Microsoft. Bloomberg previously reported that the Russian breach exposed over a dozen Texas state agencies and public universities.

US and UK Authorities Link Midnight Blizzard Hack to Russia’s Foreign Intelligence Service

According to US and UK authorities, Midnight Blizzard, which is also referred to as "Cozy Bear" and "APT29"in secularity circles, is a component of Russia's foreign intelligence service.

In April, US federal agencies were directed to analyze emails, reset compromised passwords, and work to secure Microsoft cloud accounts in response to concerns that Midnight Blizzard may have accessed correspondence. In the past months, Microsoft has informed specific customers that Russian hacker accessed their communications with the technology company.

The technology company based in Redmond, Washington, has been subject to high-profile and detrimental security breaches, including the Midnight Blizzard breach. The US government has issued a forceful condemnation of the company. Last month, Microsoft President Brad Smith addressed Congress, acknowledging the company's security deficiencies and promising to enhance its operations.

Photo: Microsoft Bing