Microsoft Tells Texas Agencies They Were Exposed In Russian Hack

Corporate signage of Microsoft Corp at Microsoft India Development Center, in Noida, India. (Photographer: Prakash Singh/Bloomberg)

Microsoft Corp. has told more than a dozen state agencies and public universities in Texas that Russian state-sponsored hackers accessed emails between them and the software giant.

The attackers were able to gain access to the communications through a breach of Microsoft, disclosed in January, in which they stole emails from some of the company’s executives. The agencies that Microsoft warned of exposure in the attack include the Texas Department of Transportation, Texas Workforce Commission, Texas Department of Motor Vehicles, Texas General Land Office and the Texas State Securities Board, according to a person familiar with the matter, who asked not to be identified because they weren’t authorized to discuss it. 

Microsoft has blamed a hacking group it calls Midnight Blizzard, which is tied to Russian intelligence services, for the attack.

The state and Microsoft are still examining the effect of the breach. An official with the Texas cybersecurity agency, Steve Pier, acknowledged on Friday the exposure of state emails, but said that so far they appear to be only routine administrative communications.

News of the Texas agencies being impacted by the Microsoft hack offers a fuller view of the range of the compromise, and it raises concerns about a US adversary potentially accessing sensitive information about employees, financial matters or critical infrastructure in one of the country’s most populous and economically important states.

“To be clear, the state of Texas was not breached. Microsoft was breached, which has involved some state of Texas emails,” Pier, of the Texas Department of Information Resources, said in a statement. He said his agency first heard about the exposures from Microsoft this week and is still assessing the number of affected entities. 

Microsoft declined to say which customers were receiving notices about the attack. “We will continue to coordinate, support and assist our customers in taking mitigating measures,” a company spokesperson said Friday.

Microsoft told the General Land Office on Monday that the hackers got hold of 11 of its emails to the technology giant, according to Kimberly Hubbard, a spokesperson for the Texas agency, who said the messages were mostly about technical support. 

“There was nothing in those emails that contained sensitive or confidential information or information that a threat actor could leverage to attack us,” Hubbard said. “We have not seen any signs of system access or subsequent attacks to our network related to this Microsoft incident.”

A spokesperson for the Workforce Commission, Sarah Fischer, said Microsoft told the agency on Wednesday that its “email systems were impacted” but didn’t say what the hackers may have accessed. 

Representatives of the Department of Transportation and Securities Board didn’t respond Friday to requests for comment. A Department of Motor Vehicles spokesperson declined to comment. 

In January, Microsoft announced that hackers had stolen senior leaders’ emails that they were using to try to break into customers’ communications, including those of government agencies. The company this week told additional customers that their emails were accessed by the hackers, and began providing previously notified clients with details of what was taken.

The company pinned the breach on a group that US and UK authorities have said is part of the Russian Foreign Intelligence Service. Midnight Blizzard is also referred to as APT 29 and Cozy Bear.

It remains unclear how many other Microsoft clients were exposed. In April, US federal agencies were ordered to analyze emails, reset compromised credentials and work to secure Microsoft cloud accounts amid concerns that the hackers may have accessed correspondence.

The fallout from the breach is coming into fuller view as the Redmond, Washington-based company is facing a series of high-profile and damaging security failures that have drawn strong condemnation from the US government. 

In April, a government review board issued a scathing report that criticized Microsoft for having an “inadequate” security culture and cited Midnight Blizzard as evidence that the company hadn’t yet fixed the problem. Microsoft is now in the middle of its biggest security overhaul in decades.

©2024 Bloomberg L.P.