Microsoft claims state-sponsored Russian hackers intercepted emails of senior leadership team members

Microsoft claims that state-backed Russian hackers hacked into its corporate email system and viewed the accounts of members of the company’s top team, as well as cybersecurity and legal workers.

State-sponsored Russian hackers breached Microsoft’s corporate email system, gaining access to the accounts of members of the firm’s executive team as well as staff on its cybersecurity and legal teams, the company claimed Friday.

In a blog post, Microsoft stated that the breach started in late November and was discovered on January 12. It attributed the intrusion to the same highly skilled Russian hacking team that was behind the SolarWinds breach.

According to Microsoft, only “a very small percentage” of corporate accounts were accessed, and some emails and linked documents were stolen.

A company representative said Microsoft had no immediate comment on which or how many members of its senior leadership had their email accounts compromised. In a regulatory filing Friday, Microsoft stated that it was able to remove the hackers’ access from the compromised accounts on or about Jan. 13.

“We are in the process of notifying employees whose email was accessed,” Microsoft said, adding that its investigation shows the hackers were initially targeting email accounts for information about the hackers’ own activities.

The Microsoft disclosure comes a month after a new Securities and Exchange Commission rule went into force, requiring publicly traded corporations to disclose breaches that could harm their businesses. It gives them four days to do so, unless they obtain a national security waiver.

In Friday’s SEC regulatory statement, Microsoft stated that “as of the date of this filing, the incident has not had a material impact” on company operations. It said that it has not yet “determined whether the incident is reasonably likely to materially impact” its finances.

Microsoft, located in Redmond, Washington, said the hackers from Russia’s SVR foreign intelligence agency gained access by compromising credentials on a “legacy” test account, suggesting it contained outdated code. After gaining a foothold, they used the account’s permissions to access the accounts of the senior leadership team and others. The hackers used a brute-force attack technique known as “password spraying.”

In a password-spraying attack, the threat actor tries to sign in to multiple accounts using a single common password. In an August blog post, Microsoft described how its threat intelligence team found that the same Russian hacking team had used the tactic to try to steal credentials from at least 40 different global firms via Microsoft Teams chat.
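The pattern described above (one source failing against many accounts with only a try or two each) can be hunted for in sign-in logs. The following is an added example, not code from Microsoft or from this article; the log format, account names, addresses and thresholds are all constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2024-01-10T09:00:05Z 203.0.113.7 alice@example.test FAILURE
2024-01-10T09:01:10Z 203.0.113.7 bob@example.test FAILURE
2024-01-10T09:02:20Z 203.0.113.7 carol@example.test FAILURE
2024-01-10T09:02:45Z 198.51.100.20 dave@example.test FAILURE
2024-01-10T09:03:00Z 198.51.100.20 dave@example.test FAILURE
2024-01-10T09:03:30Z 203.0.113.7 dave@example.test FAILURE
2024-01-10T09:03:40Z 198.51.100.20 dave@example.test FAILURE
2024-01-10T09:04:15Z 198.51.100.20 dave@example.test SUCCESS
2024-01-10T09:04:40Z 203.0.113.7 erin@example.test FAILURE
2024-01-10T09:05:50Z 203.0.113.7 legacy-test@example.test SUCCESS
"""

def parse(log):
    """Turn log text into (datetime, ip, account, outcome) tuples."""
    rows = []
    for line in log.strip().splitlines():
        ts, ip, account, outcome = line.split()
        rows.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome))
    return rows

def detect_spray(rows, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {ip: {"targets": [...], "succeeded": [...]}} for sources that fail
    against many distinct accounts, few tries each, inside one time window."""
    by_ip = defaultdict(list)
    for row in sorted(rows):
        by_ip[row[1]].append(row)
    alerts = {}
    for ip, events in by_ip.items():
        fails = [(ts, acct) for ts, _, acct, out in events if out == "FAILURE"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = Counter(acct for _, acct in fails[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                first = fails[start][0]
                # A success from a spraying source is the account to triage first.
                hits = sorted({a for ts, _, a, out in events if out == "SUCCESS" and ts >= first})
                alerts[ip] = {"targets": sorted(tries), "succeeded": hits}
                break
    return alerts

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

The second source in the sample, which repeatedly fails against a single account before succeeding, is deliberately not flagged: that shape is a forgotten password or single-account guessing, which per-account lockout already covers, whereas spraying stays under lockout thresholds and only shows up when failures are grouped by source.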

“The attack was not the result of a vulnerability in Microsoft products or services,” the company stated on its blog. “There is currently no evidence that the threat actor got access to customer environments, production systems, source code, or AI systems. We will alert clients if further action is required.”

Microsoft refers to the hacking unit as Midnight Blizzard. Prior to last year’s overhaul of its threat-actor terminology, the group was known as Nobelium. Mandiant, a cybersecurity firm owned by Google, refers to the group as “Cozy Bear.”

In a 2021 blog post, Microsoft described the SolarWinds cyber attack as “the most sophisticated nation-state attack in history.” In addition to US government institutions like the Justice and Treasury departments, over 100 commercial enterprises and think tanks, including software and telecommunications providers, were infiltrated.

The SVR’s major focus is intelligence gathering. It is primarily directed at governments, diplomats, think tanks, and IT service providers in the United States and Europe.
