Reports from the Cybersecurity and Infrastructure Security Agency (CISA) indicate that Russia was able to gain access to sensitive information from US government email by exploiting a breach in the Microsoft email system. The spies are believed to be Midnight Blizzard, AKA Cozy Bear, accessed information shared between Microsoft and its customers via email, and were able to collect authentication details and access other systems.
CISA in conjunction with Microsoft have begun investigating and filing reports on scope and severity of the breach and the data obtained by the spies. CISA will provide its full report to the Secretary of Homeland Security and the Director of the Office of Management and Budget by September 1, 2024.