CISA Emergency Directive Orders Mitigations After Microsoft Breach

The U.S. government has made public an emergency directive that it issued last week, ordering federal agencies to take various mitigation measures after a previously disclosed Microsoft compromise allowed threat actors to exfiltrate email correspondence between the agencies and Microsoft.

The emergency directive, which was originally issued privately to federal agencies on April 2 - and first reported on by CyberScoop - orders impacted agencies to take immediate action for tokens, passwords, API key or authentication credentials suspected of being …

breach cisa compromise email emergency emergency directive federal federal agencies government microsoft microsoft breach mitigation mitigations privately public threat threat actors u.s. government week