CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits

Though Federal Civilian Executive Branch (FCEB) agencies are the primary targets, CISA encourages all organizations to up their security, given the high risk.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive in response on April 11 to
Midnight Blizzard
, aka Cozy Bear, a Russian state-sponsored threat actor targeting Microsoft email accounts in its latest campaign.
The group is exfiltrating information from
Microsoft corporate email systems
to gain access to Microsoft customer systems. Microsoft and CISA have already determined which companies correspondence has been exfiltrated so far and notified them accordingly.
The initial access vector for the Midnight Blizzard attack was a Microsoft 365 password spray, said John Fokker, head of threat intelligence at Trellix, in an emailed statement. Researchers at Trellix have observed more than 120 of these kind of attacks in the first quarter of the year alone.
CISAs directive initially was issued solely to federal agencies on April 2. It required agencies to observe and analyze Microsoft email accounts to determine if they had been affected, reset compromised credentials, and secure any privileged Microsoft Azure accounts.
These requirements apply only to Federal Civilian Executive Branch (FCEB) agencies, since they seem to be Midnight Blizzards biggest target. But CISA notes other organizations may also have been contacted and should seek assistance.
Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication (MFA), and prohibited sharing of unprotected sensitive information via unsecure channels, CISA said
in its statement
.
Jen Easterly, CISAs director, also noted that this Microsoft compromise is just the latest malicious cyber activity in the Russian playbook, and that the emergency directive is intended to ensure that the networks and systems of federal civilian agencies are secure.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits