Russian hackers infiltrate Veterans Affairs via Microsoft account

A Microsoft-based Veterans Affairs account was accessed in January by Russian hackers, but no personal information or other data was compromised, an agency official confirmed.

The Russian state-sponsored hacker infiltrated a Microsoft platform called Microsoft Azure Government, which provides storage, databases and other services to the VA and other government agencies.

VA press secretary Terrence Hayes told Military Times in an email that the server was breached “for just one second, presumably to see if the credentials worked” by a group called Midnight Blizzard, or Nobelium, which has ties to the Russian government, according to Microsoft.

“After investigating the matter, we determined that no patient data was compromised,” Hayes told Military Times. “VA found that Midnight Blizzard used a single set of stolen credentials to access a Microsoft Cloud test environment around January. ... We are continuing to look into this matter with Microsoft to ensure that all veteran patient data remains protected and that we are not compromised in the future.”

Stars and Stripes previously reported the hack.

Microsoft said the attack originally targeted corporate email accounts within the company, including the company’s senior leadership, in an effort to find information related to the group Midnight Blizzard itself. The hacker used a spray attack, which involves using a variety of predictable, simple passwords to try and gain access to an account, according to Microsoft.

“The attack was not the result of a vulnerability in Microsoft products or services,” Microsoft officials said in a January statement. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code or AI systems.”

Hayes told Stars and Stripes that the attack was unrelated to a Feb. 21 hack, which involved a private vendor, Change Healthcare , responsible for processing health care payments.

That attack included an expansive breach of the U.S. health care system, possibly including the VA. Fifteen million veterans were notified that their private health care information could have been compromised, Veterans Affairs Sec. Denis McDonough said in April.

The cybersecurity attack also included the Peace Corps and the U.S. Agency for Global Media, an independent news group of the federal government that produces Voice of America, Radio Free Europe and Free Asia, according to Stars and Stripes.