CISA issues emergency directive to address email compromises by cyber actor Midnight Blizzard

The Cybersecurity and Infrastructure Security Agency has publicly released an emergency directive urging federal agencies to take specific actions to mitigate a campaign from Russia-backed threat group Midnight Blizzard.

“Midnight Blizzard is using information initially exfiltrated from Microsoft corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to certain Microsoft customer systems. Microsoft and CISA have notified all federal agencies whose email correspondence with Microsoft was identified...