On Friday, Microsoft announced that a government-backed Russian organization successfully breached its corporate networks on January 12th, accessing and pilfering emails and documents from employee accounts.
The company revealed that the Russian group managed to breach “a minute portion” of Microsoft’s corporate email accounts, including those of senior leaders and staff in cybersecurity, legal, and other departments.
The threat research team at Microsoft regularly looks into nation-state hackers, including the group known as “Midnight Blizzard” from Russia, who they believe to be responsible.
The investigation conducted by the company revealed that the hackers’ initial target was Microsoft in order to gather information about their operations.
The hackers employed a method known as a “password spray attack” in November 2023 to access a Microsoft platform, according to the company. This technique involves using a compromised password on several associated accounts in order to gain entry to a company’s systems.
The Russian Embassy in Washington and Ministry of Foreign Affairs have not yet responded to a request for comment.
Microsoft has confirmed that they have looked into the situation and taken action to disrupt the harmful actions of the group, effectively preventing them from accessing their systems.
The company stated that this attack serves as a reminder of the ongoing danger that well-funded nation-state hackers, such as Midnight Blizzard, pose to all organizations. They clarified that the attack was not caused by a specific vulnerability in their products or services.
According to a blog post from the company, there is currently no proof that the perpetrator had any ability to access customer environments, production systems, source code, or AI systems.
Microsoft’s disclosure follows a new regulatory requirement implemented by the U.S. Securities and Exchange Commission in December that mandates publicly owned companies to promptly disclose cyber incidents. Affected companies must file a report about a hack’s impact within four business days of discovery – disclosing the time, scope and nature of the breach to the government.
The cyber espionage group, Midnight Blizzard, has been identified by U.S. officials as APT29, Nobelium, or Cozy Bear and is believed to be associated with Russia’s SVR spy agency. This group gained notoriety for hacking into the Democratic National Committee during the 2016 U.S. election.
Many government agencies in the United States make frequent use of Microsoft products. In the past year, the company received negative feedback for its security protocols when Chinese hackers were able to access emails belonging to high-ranking officials in the U.S. State Department.
Source: voanews.com