Immediate credential resets urged for Midnight Blizzard-hit federal agencies

The Cybersecurity and Infrastructure Security Agency has called for immediate authentication credential resets across all federal agencies whose email correspondence with Microsoft, containing sensitive data, was compromised in an attack by the Russian state-sponsored threat operation Midnight Blizzard, also known as APT29 and Cozy Bear, according to CyberScoop.

The directive, which CISA sent to agencies on April 2 but only publicly issued on Thursday, sought the completion of all app credential reset activities by April 30, with agencies urged to provide updates on the progress of their remediation activities on April 8 and May 1.

No details regarding the number of agencies impacted by the email breach were revealed, but CISA Executive Assistant Director for Cybersecurity Eric Goldstein emphasized that there has been no indication that any agency or agency production environment has been compromised. Microsoft is also conducting ongoing analysis to determine which authentication credentials were exfiltrated, Goldstein said.
