The U.S. Department of Veterans Affairs and an arm of the U.S. State Department were among a growing list of Microsoft customers who have admitted they were affected by the tech giant’s hack blamed on Russian state-sponsored hackers.
the US Agency for Global MediaThe State Department, part of the U.S. Department of State that provides news and information in countries with press restrictions, was notified “a few months ago” by Microsoft that some of its data may have been stolen, a State Department spokesperson said in an emailed statement. No personally identifiable or sensitive security data was compromised, the spokesperson added.
A State Department spokesperson said the agency is working closely with the Department of Homeland Security on the incident, declining to answer additional questions. “We are aware that Microsoft is communicating with agencies, both affected and unaffected, in a spirit of transparency,” a State Department spokesperson said.
Microsoft revealed in January A Russian hacking group called Midnight Blizzard has gained access to corporate email accounts. He was later warned. They were trying to use secrets shared between the tech giant and its customers. The company declined to identify the affected customers.
“As our investigation continues, we have reached out to customers to let them know if they have emailed a Microsoft account that was compromised,” a Microsoft spokesperson said Wednesday. “We will continue to coordinate, support and assist our customers in taking mitigation measures.”
In addition, the Department of Veterans Affairs was notified in March that it had been affected by the Microsoft breach, agency officials said.
1 second break in
The hackers used a single set of stolen credentials — found in emails they accessed — to breach a testing environment in a VA Microsoft Cloud account around January, officials said, adding that the breach lasted about a second. Midnight Blizzard likely intended to verify the credentials, and the larger goal may have been to breach the VA network, officials said.
The agency said it changed the exposed credentials, along with login details across its Microsoft environments, once it was notified of the breach. After reviewing the emails the hackers accessed, the VA determined that no additional credentials or sensitive emails were taken, officials said.
Terrence Hayes, press secretary for the Department of Veterans Affairs, said the investigation is ongoing to determine any additional impact.
Microsoft also contacted the Peace Corps and notified them of the Midnight Blizzard breach, according to a statement from its press office. “Based on this notification, Peace Corps technical staff were able to mitigate the vulnerability,” the agency said. The Peace Corps declined to comment.
Bloomberg News asked other federal agencies for comment, and none disclosed whether they were affected by the Midnight Blizzard attack on Microsoft. Bloomberg previously reported that more than a dozen state agencies and a public university in Texas were hacked by Russia.
The Midnight Blizzard group, also known in cybersecurity circles as “Cozy Bear” and “APT29,” is part of Russia’s foreign intelligence service, according to U.S. and British authorities.
In April, US federal agencies announced They were requested. To analyze emails, reset compromised passwords and work to secure Microsoft cloud accounts amid concerns that Midnight Blizzard may have accessed correspondence. Microsoft has notified some customers in the months since that their emails with the tech giant were accessed by Russian hackers.
The Midnight Blizzard hack was one of a series of high-profile and damaging security failures at the Redmond, Washington-based technology company that have drawn sharp condemnation from the U.S. government. Microsoft President Brad Smith appeared before Congress last month, where he acknowledged the security failures and pledged to improve the company’s operations.