April 12, 2024 at 10:41AM
CISA warns of Russian spies’ theft of sensitive data from Microsoft’s email system, prompting an Emergency Directive for affected agencies to analyze exfiltrated emails, reset compromised credentials, and enhance security. Microsoft and CISA collaborate to provide metadata on the exfiltrated emails. Security experts criticize Microsoft’s security practices and disclosure approach. CISA to submit a report by September 1.
Key takeaways:
1. Russian spies, identified as Midnight Blizzard or Cozy Bear, gained access to Microsoft’s email system and exfiltrated sensitive data, including authentication details and federal agency correspondence.
2. CISA issued Emergency Directive ED 24-02 requiring federal agencies to analyze the content of exfiltrated emails, reset compromised credentials, and secure authentication tools for privileged Microsoft Azure accounts.
3. Microsoft has agreed to provide affected agencies with metadata regarding exfiltrated emails. The threat actor has increased its intrusion attempts, including password spraying attacks.
4. The incident has raised concerns about Microsoft’s security practices and disclosure approach, with implications for national security and for Microsoft’s commercial clients.
5. CISA aims to provide a report by September 1 to the Secretary of Homeland Security and the Director of the Office of Management and Budget, identifying cross-agency status and outstanding issues.