The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that Russian government-backed hackers exploited vulnerabilities in Microsoft’s email system to steal sensitive correspondence between officials and the tech company. This alarming breach was highlighted in an emergency directive issued by CISA on April 2.

According to the directive, the hackers utilized stolen authentication details shared via email to infiltrate not only Microsoft’s customer systems but also those of an unspecified number of government agencies. The warning underscores the severity of the attack, which Microsoft internally refers to as “Midnight Blizzard.” The cyber security industry has been on high alert since this disclosure, and a separate hack attributed to China was also recently reported as preventable due to cyber security lapses and a lack of transparency.

The Russian Embassy in Washington has not yet responded to these allegations, and CISA cautions that non-governmental organizations may also have been impacted by the exfiltration of Microsoft corporate emails. The situation remains a critical concern, and authorities are actively investigating and mitigating the breach.

For more on this story, please visit Reuters. To receive cutting-edge cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.