Microsoft’s Midnight Blizzard breach also impacted federal agencies

Share via:


In March, Microsoft notified the US Department of Veterans Affairs that it was impacted by the security breach that enabled the Russian hacking group known as “Midnight Blizzard” to steal some of the company’s source code, reports Bloomberg. Already assigned blame for the earlier SolarWinds attack, the group has been accused of spying on email accounts of Microsoft’s senior leadership team and attempting to use the secrets obtained there to create additional security breaches.

The VA department found that Midnight Blizzard used a single set of stolen credentials to access a Microsoft Cloud test environment around January. VA officials told Bloomberg that the account was accessed for just one second, presumably to see if the credentials worked — they have since been updated.

According to Bloomberg, Microsoft also informed the US Agency for Global Media that some of its data may have been stolen. Security data and sensitive, personally identifiable information held by the agency is not believed to have been compromised. The Peace Corps was also notified of the Midnight Blizzard breach but told Bloomberg that it was able to “mitigate the vulnerability.” Microsoft hasn’t disclosed which customers have been impacted by the attack.

“As our investigation continues, we have been reaching out to customers to notify them if they had corresponded with a Microsoft corporate email account that was accessed,” Microsoft spokesperson Jeff Jones said to The Verge. “We will continue to coordinate, support, and assist our customers in taking mitigating measures.”

Microsoft had already announced it was overhauling its cybersecurity efforts last year before the Midnight Blizzard attack after a “cascade of security failures.” More recently, the software giant said it was making security its “top priority” as it attempts to rebuild the trust it’s already lost.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Microsoft’s Midnight Blizzard breach also impacted federal agencies


In March, Microsoft notified the US Department of Veterans Affairs that it was impacted by the security breach that enabled the Russian hacking group known as “Midnight Blizzard” to steal some of the company’s source code, reports Bloomberg. Already assigned blame for the earlier SolarWinds attack, the group has been accused of spying on email accounts of Microsoft’s senior leadership team and attempting to use the secrets obtained there to create additional security breaches.

The VA department found that Midnight Blizzard used a single set of stolen credentials to access a Microsoft Cloud test environment around January. VA officials told Bloomberg that the account was accessed for just one second, presumably to see if the credentials worked — they have since been updated.

According to Bloomberg, Microsoft also informed the US Agency for Global Media that some of its data may have been stolen. Security data and sensitive, personally identifiable information held by the agency is not believed to have been compromised. The Peace Corps was also notified of the Midnight Blizzard breach but told Bloomberg that it was able to “mitigate the vulnerability.” Microsoft hasn’t disclosed which customers have been impacted by the attack.

“As our investigation continues, we have been reaching out to customers to notify them if they had corresponded with a Microsoft corporate email account that was accessed,” Microsoft spokesperson Jeff Jones said to The Verge. “We will continue to coordinate, support, and assist our customers in taking mitigating measures.”

Microsoft had already announced it was overhauling its cybersecurity efforts last year before the Midnight Blizzard attack after a “cascade of security failures.” More recently, the software giant said it was making security its “top priority” as it attempts to rebuild the trust it’s already lost.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Apple’s head of accessibility to attend Web Summit Lisbon...

This year’s Web Summit Lisbon kicks off next...

As generative AI gets better, what will happen to...

Suno CEO Mikey Shulman found himself in an...

Nodal connects hopeful parents with surrogates as reproductive freedom...

Many people who want to have children can’t,...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!