Russian hacking group breaches Microsoft Outlook

What happened – The U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued an emergency directive on April 11, 2024, following the Russian APT29 hacking group’s successful breach of multiple federal agencies’ Microsoft email accounts.  

  • Hackers can use stolen information, including authentication data, to obtain access to customer systems and exploit customer information.  
  • Affected federal agencies were instructed to take immediate remediation actions including resetting or deactivating authentication credentials.  

How to mitigate risk from this vulnerability: 

  • Review multifactor authentication (MFA) enforcement for all users, noting any exceptions and consider enforcing on those excluded accounts as well.  
  • Refresh end user educations/awareness around MFA fatigue attacks to reduce likelihood of MFA bypass. 
  • Place additional monitoring around high-privilege accounts to track sign-ins and other usage to detect malicious activity. 
  • Review sign-in logs for suspicious activity, and consider implementing alerting for unusual sign-in activity. 

Read: CISA orders agencies impacted by Microsoft hack to mitigate risks (
Read: ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System | CISA.
Read: APT29 –

Get smart and take action – Drawbridge makes cybersecurity easy for Alternative Investment and Wealth Managers. Contact one of our representatives to learn more.

Contact Us For More Information