CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat

WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts and potentially accessing correspondence with Federal Civilian Executive Branch agencies.
The Directive was initially issued to federal agencies on April 2nd based upon currently available threat information and limited applicability of relevant actions, which are predicated on notification of exposed credentials by Microsoft.
This Directive requires agencies to analyze potentially affected emails, reset any compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts.
Midnight Blizzard is using information initially exfiltrated from Microsoft corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to certain Microsoft customer systems.
Microsoft and CISA have notified all federal agencies whose email correspondence with Microsoft was identified as exfiltrated by Midnight Blizzard.
As federal civilian agencies implement this mandate, CISA will assess and support agency adherence and provide additional resources as required.
CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.
While ED 24-02 requirements apply only to FCEB agencies, other organizations may also have been impacted by the exfiltration of Microsoft corporate accounts and are encouraged to contact their respective Microsoft account team for guidance.
Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication and prohibited sharing of unprotected sensitive information via unsecure channels.
About CISA. As the nation's cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.


This Cyber News was published on www.cisa.gov. Publication date: Thu, 11 Apr 2024 18:43:10 +0000


Cyber News related to CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat

Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts ...
8 months ago Cisa.gov
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
6 months ago Cisa.gov
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Accelerating Safe and Secure AI Adoption with ATO for AI: stackArmor Comments on OMB AI Memo - We appreciate the opportunity to comment on the proposed Memo on Agency Use of Artificial Intelligence. Ensuring agencies have access to adequate IT infrastructure,. We base our remarks on our experience helping US Federal agencies transform their ...
1 year ago Securityboulevard.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
2 months ago Therecord.media
Cyber and Physical Security Are Different, But They Must Work Together - America's critical infrastructure faces more diverse threats than ever before. The rapid digitalization of many sectors and the relatively analog operational environments that exist in others have led security specialists and analysts to develop ...
1 year ago Cybersecurity-insiders.com
CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
1 year ago Cisa.gov
Majority of Gao's Cybersecurity Recommendations Not Implemented by Federal Agencies - The Government Accountability Office has recently reported that federal agencies have been slow to implement a majority of the recommendations it made for improving the cybersecurity of federal agencies. Despite the implementation progress at some ...
1 year ago Securityweek.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
2 months ago Cyberdefensemagazine.com
Security Alert! CISA Reports Refund Scam Targeting Federal Agencies Through Remote Management Software - The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert to federal agencies about a refund scam targeting them through remote management software. According to the alert, hackers have been using the remote software to ...
1 year ago Therecord.media
CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency issued Emergency Directive 24-01 in response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by ...
11 months ago Cisa.gov
Key elements for a successful cyber risk management strategy - In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel ...
11 months ago Helpnetsecurity.com
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
9 months ago Securityweek.com
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities - SUMMARY. The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate-hereafter referred to as "The authoring agencies"-are ...
1 year ago Cisa.gov
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
6 months ago Securityaffairs.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
10 months ago Darkreading.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
10 months ago Cyberdefensemagazine.com
How Cloud Solutions Can Lead to Stronger, More Secure IT Operations - Cloud services, which offer tools such as networks, servers, and data storage, can help federal agencies deliver better IT services while minimizing costs. Without adequate security measures, these services can expose agencies to cyberattacks. The ...
9 months ago Cyberdefensemagazine.com
CISA warns of actively exploited Juniper pre-auth RCE exploit chain - CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its ...
1 year ago Bleepingcomputer.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
8 months ago Securityboulevard.com
Dozens of Rogue California Police Agencies Still Sharing Driver Locations with Anti-Abortion States - SAN FRANCISCO-California Attorney General Rob Bonta should crack down on police agencies that still violate Californians' privacy by sharing automated license plate reader information with out-of-state government agencies, putting abortion seekers ...
10 months ago Eff.org
CISA: Thousands of bugs remediated in second year of vulnerability disclosure program - With 11 new agency programs onboarding in 2023, the VDP Platform drew heightened researcher attention and engagement, which facilitated a marked increase in the volume of vulnerability submissions received, valid vulnerabilities identified and ...
2 months ago Therecord.media
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
10 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)