Microsoft’s Midnight Blizzard breach impacted federal agencies too

In March, Microsoft notified the U.S. Department of Veteran Affairs that it was affected by a security breach that enabled a Russian hacking group known as “Midnight Blizzard” to steal some of the company’s source code, reports Bloomberg.already convicted SolarWinds AttackThe group has been accused of spying on email accounts. Microsoft’s Senior Leadership Team and I’m trying to use it Mystery From there, materials were obtained to create additional security breaches.

The VA Department found that Midnight Blizzard used a set of stolen credentials to access a Microsoft cloud test environment around January 1, VA officials said. Bloomberg The account was only accessed for a second, presumably to see if the credentials were working – they have now been updated.

According to BloombergMicrosoft also informed the US Agency for Global Media that some of its data may have been stolen. Security data and sensitive, personally identifiable information held by the agency has not been compromised. The Peace Corps was also notified of the Midnight Blizzard breach, but was told that Bloomberg Microsoft has not disclosed which customers were affected by the attack.

“Our investigation is ongoing and we are contacting customers and notifying them if they interacted with any of the Microsoft corporate email accounts that were accessed,” Microsoft spokesman Jeff Jones said. Verge“We will continue to assist our customers with coordination, support and relief measures.”

Microsoft has already announced that Improving your cybersecurity efforts This followed a “cascade of security failures” before the Midnight Blizzard attack last year. More recently, the software giant said it was making security its “most important security solution.”highest priority” Because it attempts to rebuild trust that has already been lost.