The U.S. Department of Veterans Affairs and a division of the U.S. State Department are amongst a growing list of Microsoft Corp. customers who’ve acknowledged they were affected by a breach on the tech giant blamed on Russian state-sponsored hackers.
The US Agency for Global MediaA component of the U.S. State Department that gives news and knowledge in countries where the press is restricted was notified by Microsoft “a few months ago” that a few of its data could have been stolen, a spokesman said in an emailed statement. No security-related or personally identifiable sensitive data was compromised, the spokesman said.
The agency is working closely with the Department of Homeland Security on the incident, the spokesman said, declining to reply further questions. A State Department spokesman said: “We are aware that Microsoft is contacting affected and unaffected agencies in the spirit of transparency.”
Microsoft announced in January that a Russian hacker group called Midnight Blizzard had accessed corporate email accounts and later warned that they were trying to use secrets exchanged between the technology giant and its customers. The company has refused to call the affected customers.
“As part of our investigation, we have contacted customers to let them know if they have corresponded with a Microsoft corporate email account that was accessed,” a Microsoft spokesperson said Wednesday. “We will continue to coordinate, support, and assist our customers in taking mitigation actions.”
In addition, the U.S. Department of Veterans Affairs was notified in March that it was affected by the Microsoft vulnerability, agency officials said.
A one-second break-in
The hackers used a single set of stolen credentials – present in the emails they accessed – to interrupt right into a test environment within the VA’s Microsoft cloud account around January, officials said, adding that the breach took one second. Midnight Blizzard likely desired to confirm that the credentials were valid, presumably with the larger intent of breaking into the VA’s network, officials said.
The agency modified the exposed credentials and the login credentials in its Microsoft environments after it was notified of the breach, officials said. After reviewing the emails accessed by the hackers, the VA determined that no other credentials or confidential emails were stolen, officials said.
Terrence Hayes, VA spokesman, said an investigation is underway to find out further impacts.
According to a press release from the press office, the Peace Corps was also contacted by Microsoft and informed of the Midnight Blizzard security breach. “Based on this notification, Peace Corps technical staff were able to resolve the security vulnerability,” the agency said. The Peace Corps declined further comment.
Bloomberg News has reached out to other federal agencies for comment, but not one of the other agencies said they’d been affected by Midnight Blizzard’s attack on Microsoft. Bloomberg previously reported that greater than a dozen Texas agencies and public universities were in danger from the Russian hack.
Midnight Blizzard, also known in cybersecurity circles as “Cozy Bear” and “APT29,” is an element of Russia’s foreign intelligence service, in response to U.S. and British authorities.
In April, US federal authorities were ordered to research emails, reset compromised passwords, and work to secure Microsoft cloud accounts amid concerns that Midnight Blizzard could have accessed the correspondence. Microsoft notified some customers within the months that followed that their emails with the tech giant had been accessed by the Russian hackers.
The Midnight Blizzard attack was certainly one of several high-profile and serious security breaches on the Redmond, Washington-based technology company that drew strong condemnation from the U.S. government. Microsoft President Brad Smith appeared before Congress last month, where he admitted to security breaches and promised to enhance the corporate’s operations.
