Government says Microsoft cyberattack affected Veterans Affairs and State Department
The U.S. Department of Veterans Affairs and a division of the U.S. State Department are among the growing list of Microsoft Corp. customers that have acknowledged they were affected by the tech giant’s data breach, which was carried out by Russian state-sponsored hackers.
The US Global Media Agency, a division of the State Department that provides news and information in countries where journalism is restricted, was notified by Microsoft “several months ago” that some of its data may have been stolen, a spokesperson said in an emailed statement. The spokesperson said no security-sensitive or personally identifiable data was compromised.
The spokesperson said the agency is working closely with the Department of Homeland Security on the incident, but declined to answer further questions. “We understand that Microsoft is reaching out to agencies, both those affected and those not affected, in the spirit of transparency,” a State Department spokesperson said.
Microsoft revealed in January that a Russian hacker group known as Midnight Blizzard had accessed the company’s email accounts, and then warned that the hackers were trying to use secrets shared between the tech giant and its customers. The company declined to identify the customers affected.
“As we investigate, we have contacted customers to let them know if they have communicated with a Microsoft corporate email account that was accessed,” a Microsoft spokesperson said on Wednesday. “We will continue to work with, support and assist our customers in implementing mitigation measures.”
Additionally, agency officials said the Department of Veterans Affairs was notified in March that it was affected by the Microsoft breach.
One-second intrusion
The hackers used a single set of stolen credentials — found in emails they accessed — to break into a test environment in the VA’s Microsoft Cloud account around January, officials said, adding that the intrusion lasted for a second. Midnight Blizzard may have intended to test whether the credentials were valid, perhaps with the larger goal of compromising the VA’s network, officials said.
The agency changed the exposed credentials, along with credentials across its Microsoft environments, after it was notified of the breach, they said. After reviewing the emails the hackers accessed, VA determined that no additional credentials or sensitive emails were taken, officials said.
The investigation is ongoing to determine any additional impacts, said Terrence Hayes, VA press secretary.
According to a statement from its press office, the Peace Corps was also contacted by Microsoft and informed of the Midnight Blizzard breach. “Based on this notification, the Peace Corps technical team was able to mitigate the vulnerability,” the agency said. The Peace Corps declined to comment further.
Bloomberg News reached out to other federal agencies for comment, and none disclosed that they were affected by Midnight Blizzard’s attack on Microsoft. Bloomberg previously reported that more than a dozen Texas state agencies and public universities had their information exposed in the Russian attack.
Midnight Blizzard, also known in cybersecurity circles as “Cozy Bear” and “APT29,” is part of Russia’s foreign intelligence agency, according to US and UK authorities.
In April, U.S. federal agencies were ordered to analyze emails, reset compromised passwords and work to secure Microsoft cloud accounts amid concerns that Midnight Blizzard may have accessed correspondence. Microsoft has notified some customers in the months since that their emails with the tech giant had been accessed by Russian hackers.
The Midnight Blizzard breach is one of a series of serious and damaging security breaches at the Redmond, Washington-based technology company that have been widely condemned by the U.S. government. Microsoft President Brad Smith testified before Congress last month, where he acknowledged the security breaches and pledged to improve the company’s operations.