CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits

  /     /     /  
Publicated : 23/11/2024   Category : security


CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits


Though Federal Civilian Executive Branch (FCEB) agencies are the primary targets, CISA encourages all organizations to up their security, given the high risk.



The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive in response on April 11 to
Midnight Blizzard
, aka Cozy Bear, a Russian state-sponsored threat actor targeting Microsoft email accounts in its latest campaign.
The group is exfiltrating information from
Microsoft corporate email systems
to gain access to Microsoft customer systems. Microsoft and CISA have already determined which companies correspondence has been exfiltrated so far and notified them accordingly.
The initial access vector for the Midnight Blizzard attack was a Microsoft 365 password spray, said John Fokker, head of threat intelligence at Trellix, in an emailed statement. Researchers at Trellix have observed more than 120 of these kind of attacks in the first quarter of the year alone.
CISAs directive initially was issued solely to federal agencies on April 2. It required agencies to observe and analyze Microsoft email accounts to determine if they had been affected, reset compromised credentials, and secure any privileged Microsoft Azure accounts.
These requirements apply only to Federal Civilian Executive Branch (FCEB) agencies, since they seem to be Midnight Blizzards biggest target. But CISA notes other organizations may also have been contacted and should seek assistance.
Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication (MFA), and prohibited sharing of unprotected sensitive information via unsecure channels, CISA said
in its statement
.
Jen Easterly, CISAs director, also noted that this Microsoft compromise is just the latest malicious cyber activity in the Russian playbook, and that the emergency directive is intended to ensure that the networks and systems of federal civilian agencies are secure.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits