This afternoon, CISA issued Emergency Directive 24-02 to address the significant risk from nation-state compromise of Microsoft Corporate Email System. Due to this heightened concern, WaterISAC recommends members review the ED, remain vigilant, and act accordingly as it is believed that the email compromise extends beyond the federal government and may impact other critical entities and the broader ecosystem. According to previous Microsoft statements, the company is reaching out to impacted customers to assist in mitigation. See WaterISAC’s previous update on the situation and for more background on Microsoft’s email compromise, see Microsoft.