Categories: CyberCrimeSecurity

Russia Microsoft Hack Accessed Home Office Data

Russian hackers accessed email data shared between Microsoft and the UK Home Office in an attack that occurred in January, a report has found.

Microsoft has been heavily criticised for internal security lapses that led to the January hack, which also gave the attackers access to emails shared with several US federal government agencies and other Microsoft corporate customers.

The hackers access to Home Office data, reported by Recorded Future, had not been previously made public.

A government spokesperson emphasised that the hackers had not accessed the Home Office’s own internal systems, but only corporate email data shared with Microsoft and held by the company.

Image credit: UK government

Government data

“We take data security very seriously,” the spokesperson said.

The January breaches posed a security risk because in some cases the compromised data included credentials that could have been used by attackers to try to access the systems of Microsoft customers.

The Home Office reported the breach to the Information Commissioner’s Office on 2 May, describing it as a “nation state attack on [a] supplier”, according to Recorded Future, which obtained the information via a Freedom of Information Act request.

The ICO said it was aware of the incident and had decided no further action was required.

The US Cybersecurity and Infrastructure Security Agency (CISA) warned in April that US federal government data had been breached in the attack and warned the stolen email data “presents a grave and unacceptable risk to agencies”.

The US and UK governments have attributed the January attack to a group of hackers tracked as Midnight Blizzard that works for Russia’s SVR intelligence agency.

Security lapses

Microsoft President Brad Smith appeared before a Congressional national security panel in June following criticism of the company’s internal security failures that led to the January hack as well as a separate attack in 2023 attributed to China.

Both attacks allowed hackers to access sensitive data belonging to Microsoft’s government customers.

Microsoft is the US governnment’s largest IT supplier and industry watchers say it has faced no meaningful consequences for its security failures.

“This is yet another example of the dangerous monopoly Microsoft has on the digital world and how attackers are hijacking on its ubiquity to compromise organisations,” said Kevin Robertson, chief operating officer of Acumen Cyber, of the latest breach.

“Governments and organisations are placing their trust in Microsoft when they store their data in its services, so security should be a guarantee. But unfortunately with Microsoft it’s not.”

The US Cyber Safety Review Board (CSRB) in April similarly singled Microsoft out for its cybersecurity lapses and a lack of transparency over last year’s China hack.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

2 days ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

2 days ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

3 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

3 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

3 days ago
  翻译: