Hot off the press! CISA issues Emergency Directive (ED) 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System. Affected agencies are required to take immediate remediation action for tokens, passwords, API keys, or other authentication credentials known or suspected to be compromised; identify the full content of the agency correspondence with compromised Microsoft accounts, etc. ๐ https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system
This is in regards to the cyberattack on Microsoft by APT29 a.k.a. Midnight Blizzard, publicly attributed to Russia's Foreign Intelligence Service (SVR) first disclosed 19 January 2024.