The Cybersecurity and Infrastructure Security Agency has called for immediate authentication credential resets across all federal agencies that had their emails with Microsoft containing sensitive data compromised in an attack by Russian state-sponsored threat operation Midnight Blizzard, also known as APT29 and Cozy Bear, according to CyberScoop.
Such a directive from CISA, which was sent to agencies on April 2 but only publicly issued on Thursday, sought the completion of all app credential reset activities by April 30, with agencies urged to provide updates regarding the progress of their remediation activities on April 8 and May 1.
No details regarding the number of agencies impacted by the email breach were revealed but CISA Executive Assistant Director for Cybersecurity Eric Goldstein emphasized that there has been no indication of any agency or agency production environment compromise. Ongoing analysis to determine exfiltrated authentication credentials is also being conducted by Microsoft, said Goldstein.
