The list of customers that tech giant Microsoft has confirmed were affected by the data breach, blamed on Russian government-backed hackers, includes the U.S. Department of Veterans Affairs and a division of the State Department.
The US Bureau of Global Media, a part of the State Department that provides news and information in countries with media restrictions, was notified by Microsoft several months ago that some of its data may have been stolen, a spokesman said in an emailed statement. No security or personally identifiable data was compromised, the spokesman said.
A State Department spokesman said the department is working closely with the Department of Homeland Security on the incident and declined to answer further questions. “We are aware that, in the spirit of transparency, Microsoft is in contact with both affected and non-affected agencies,” a State Department spokesman said.
Microsoft said in January that the Russian hacker group “Midnight Blizzard” had accessed corporate email accounts, and later warned that they were allegedly trying to exploit secrets shared between the tech giant and its customers. The company declined to reveal the identities of the affected customers.
“As our investigation continues, we are reaching out to notify customers who communicated through the Microsoft corporate email accounts that were accessed,” a Microsoft spokesperson said Wednesday. “We will continue to coordinate, support and assist customers as they take mitigation steps.”
Additionally, the Department of Veterans Affairs was notified in March that it was affected by the Microsoft data breach, a department official said.
1 second intrusion
The hackers used a set of stolen credentials found in the accessed emails to break into a test environment for the VA’s Microsoft Cloud account around January, officials said. The intrusion lasted about a second, officials said. Midnight Blizzard was likely trying to check whether the credentials were valid, but probably had a larger goal of breaking into the VA’s network, officials said.
After being notified of the intrusion, the agency changed the compromised credentials and login details across its Microsoft environment, officials said. After reviewing the emails accessed by the hackers, the VA determined that no additional credentials or sensitive emails were stolen, officials said.
VA spokesman Terrence Hayes said the investigation is ongoing to see if there are any further impacts.
Microsoft also contacted the Peace Corps to inform them about the Midnight Blizzard breach, according to a statement from the Peace Corps’ public affairs office. “Based on this notification, Peace Corps technical staff were able to mitigate the vulnerability,” the service said. The Peace Corps declined to comment further.
Bloomberg News reached out to other federal agencies for comment, but none said they were affected by the Midnight Blizzard attack on Microsoft. Bloomberg previously reported that more than a dozen state government agencies and public universities in Texas had been compromised by the Russian hack.
Midnight Blizzard, also known in cybersecurity circles as “Cozy Bear” and “APT29,” is part of Russia’s foreign intelligence service, according to U.S. and British authorities.
In April, a U.S. federal government agency ordered, amid concerns that Midnight Blizzard may have accessed the communications, that Microsoft analyze emails, reset compromised passwords and work to secure Microsoft cloud accounts. Over the next few months, Microsoft notified some customers that their emails with the tech giant had been accessed by Russian hackers.
The Midnight Blizzard intrusion was one in a series of high-profile and damaging security failures by the Redmond, Washington-based technology company that have drawn strong criticism from the U.S. government. Microsoft President Brad Smith appeared before Congress last month to acknowledge the security failures and pledge to improve the company’s operations.