Russian-backed hackers under the group "Midnight Blizzard" have stolen emails from US federal agencies, the US Cybersecurity and Infrastructure Security Agency (CISA) said.

The scheme was made in an ongoing Microsoft hack and this prompted the agency to immediately act and figure out what happened in the first place.

CISA Confirmed Hack Spearheaded by Russian Cybercriminals

In its press release released on Thursday, CISA disclosed that the cyberattack, initially reported by Microsoft in January, resulted in the compromise of Microsoft corporate email accounts, granting unauthorized access to federal government emails.

CISA has identified the Russian Foreign Intelligence Service (SVR) as the perpetrator behind the attack, emphasizing the significant risk it poses to affected agencies. 

In response, the agency issued an emergency directive on April 2, mandating immediate action by civilian government agencies to secure their email accounts in light of heightened intrusions by Russian hackers.

While CISA did not specify the federal agencies impacted by the email theft, the agency's quick action will increase the chance of mitigating its effects, thereby decreasing the severity of the attack.

"The Directive was initially issued to federal agencies on April 2nd based upon currently available threat information and limited applicability of relevant actions, which are predicated on notification of exposed credentials by Microsoft. This Directive requires agencies to analyze potentially affected emails, reset any compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts," CISA explained.

Related Article: Microsoft Confirms It Has Yet to Contain Russian State Hack 

Microsoft's Role and Continued Challenges

As a critical technology provider for the US government, Microsoft has faced increased perusal over its security practices in the wake of multiple intrusions by state-sponsored hackers. 

According to FirstPost, the breach in January targeted Microsoft's corporate email systems, compromising accounts of senior leadership and personnel across various departments.

Despite ongoing efforts by the Redmond giant to expel the hackers from its systems, the attack persists, triggering concerns about the effectiveness of current remediation efforts.

The recent breach amplifies existing concerns about cybersecurity vulnerabilities within US government systems. A separate investigation attributed an earlier breach in 2023 to Chinese government-backed hackers, citing security lapses within Microsoft's infrastructure.

Moreover, a misconfiguration of a Microsoft-hosted cloud email server led to the exposure of personal information for 20,000 individuals, as reported by the US Department of Defense in February.

Now going back to Russian hackers, a different group of threat actors was allegedly involved in the Sweden ransomware cyberattack in late January.

According to Tech Times, the cybercriminals targeted one data center of Tietoevry. The authorities said at the time that it would take several days or even weeks for the systems to be restored.

For Sweden to avoid future attacks, there's a need for rapid digitalization. However, it appears that cybersecurity is not the country's priority at the moment.

Read Also: Researchers Track AI-Written PowerShell Script That Deploys Infostealer Malware