The Download
The much-discussed Midnight Blizzard attack against Microsoft has claimed another victim: the Feds. The Washington Post reports that CISA issued an Emergency Directive to unnamed Federal agencies, directing certain users to change their login credentials and take additional steps as required, on the assumption that those credentials were likely compromised in the Midnight Blizzard attack against Microsoft.
Midnight Blizzard is Microsoft's name for the Russian intelligence agency SVR, aka Cozy Bear. In January 2024, Microsoft disclosed that Midnight Blizzard had compromised an on-prem Microsoft Exchange server that had inadequate security controls. The attackers then leveraged that compromise to breach Microsoft's corporate email server. From there they were able to access sensitive emails and other sensitive documents. Later, Microsoft disclosed that Midnight Blizzard was leveraging its access to target downstream MSPs that service critical infrastructure.
The latest news reveals that Federal agency personnel login credentials may have been compromised in the same attack, which puts Federal networks at risk. This attack illustrates the downstream effects of a key supplier's compromise and the third-party risk associated with suppliers.
What You Can Do
The lessons learned from this attack and what you can do were captured well in this post. Please review to make sure you are adequately prepared.