Russian nation-state hackers have exploited a recent Microsoft email compromise to steal the emails of government agencies, the US Cybersecurity and Infrastructure Security Agency (CISA) has reiterated in a new alert.
The warning ordered agencies to urgently check their email systems for signs of compromise and report back by April 30 if they believe specific emails or documents were compromised.
Originally distributed by CISA as an emergency order on April 2 and made public on Thursday, the latest Emergency Directive 24-02 requires federal agencies to take various actions, including resetting credentials, securing privileged Microsoft Entra ID (Azure) accounts, and analyzing email traffic.
