U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that Russian government-backed hackers stole emails from several U.S. federal agencies as a result of an ongoing cyberattack at Microsoft.

In a statement published Thursday, the U.S. cyber agency said the cyberattack, which Microsoft initially disclosed in January, allowed the hackers to steal federal government emails “through a successful compromise of Microsoft corporate email accounts.”

The hackers, which Microsoft calls “Midnight Blizzard,” also known as APT29, are widely believed to work for Russia’s Foreign Intelligence Service, or SVR.

    • deranger@lemmy.world
      link
      fedilink
      arrow-up
      16
      ·
      7 months ago

      Used? Still uses. Outlook is how all the US military handles email, by extension I’d assume that’s how all .gov handles unclassified email.

      • credo@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        7 months ago

        Not all military. A significant number of active duty Army are using Google. There are other pockets of divergence out there.

          • circuscritic@lemmy.ca
            link
            fedilink
            arrow-up
            1
            ·
            7 months ago

            Don’t know, you should ask [email protected]

            Jokes aside, any company providing services to the government is going to have met the original RFP requirements.

            Also, they’ll probably have separate infrastructure for military contracts, which I assume was also a requirement of any bid - but that’s just a guess. Someone else can correct me if I’m wrong.

            • credo@lemmy.world
              link
              fedilink
              arrow-up
              4
              arrow-down
              1
              ·
              edit-2
              7 months ago

              It’s called FEDRAMP. Yes, for DoD separate infrastructure is required, but that is not true of all Government agencies. E.g., would BLM really need separate secure infrastructure from the commercial sector? Probably not worth the expense and effort.

    • Optional@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      7 months ago

      Yes. Despite the obvious security flaws and other bullshit associated with using Micro$oft, they’ve leveraged their historical monopoly position to manage email for large swaths of the federal government.

      It’s fucking nightmarish and insane to boot, and here we are.

      Oh and also russia stole a bunch of emails from us becase of that.

      So. Thanks for running the government like a shitty business, feds! Yeah you sure saved a boatload on datacenter expenses didntya.

  • Treczoks@lemmy.world
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    7 months ago

    If the US government is stupid enough to store data with Microsoft, they should not complain. OK, maybe they should, to Microsoft.

  • disguy_ovahea@lemmy.world
    link
    fedilink
    arrow-up
    9
    ·
    7 months ago

    It’s such an embarrassment. Our government has access to incredible technological resources, yet they still use unencrypted email.

    • Optional@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      If only end-to-end encryption was simple, available, and part of most communications somehow. In some magical fairy land where that sort of thing is possible.

      Not in the richest nation on earth though. No, we crammed everything into the cheapest bucket we could pork barrel away and will now blame someone else while accepting huge campaign contributions.

    • Optional@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      7 months ago

      OMG did you hear [random governmental employee] likes [random thing]?? Clearly a sophisticated code for pedophilia!!!

      Everybody grab your assault weapons and meet up at the pizza place!

  • nkat2112@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    5
    ·
    7 months ago

    Epic failure even for a company known for decades-long security flaws and consistently poor software quality.

    I shouldn’t be shocked, but I am.