Urgent credential resets needed for agencies hit by Midnight Blizzard

• CISA has urged federal agencies affected by the Midnight Blizzard attack to reset authentication credentials immediately.
• Updates on remediation activities are required by May 1.

In response to the attack by Russian state-sponsored threat operation Midnight Blizzard, also known as APT29 and Cozy Bear, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive for immediate authentication credential resets across all federal agencies that had their emails with Microsoft containing sensitive data compromised. The directive, sent to agencies on April 2 and publicly issued on Thursday, requires all app credential reset activities to be completed by April 30. Agencies are also urged to provide updates regarding the progress of their remediation activities on April 8 and May 1.

No specific details regarding the number of agencies impacted by the email breach were disclosed, but CISA’s Eric Goldstein emphasized that there has been no indication of any agency or agency production environment compromise. Microsoft is currently conducting ongoing analysis to determine exfiltrated authentication credentials. This incident serves as a reminder of the importance of cybersecurity measures and the need for immediate action to prevent further compromise of sensitive data.