Hackers with support from Russia gained access to Microsoft’s “senior leadership” email accounts

As revealed by the company, a hacking group reportedly connected to a Russian intelligence agency succeeded in accessing the emails of some senior executives and employees.

According to the company, it detected the attack on Jan 12 and holds a hacking group known as Midnight Blizzard, or Nobelium, responsible. This is the same group that was behind the 2020 SolarWinds cyberattack. Microsoft and US cybersecurity officials have declared Nobelium to be associated with Russia’s Foreign Intelligence Service (SVR).

The company stated in a blog post that “starting in late November 2023, the threat actor used a password spray attack to gain access to a legacy non-production test tenant account. From there, they used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including ones belonging to our senior leadership team and staff members in our cybersecurity, legal, and other departments, and exfiltrated some emails and attached documents.”

The organization stated that its preliminary inquiry indicates the group was searching for material pertaining to itself, although it did not specify which of its “senior leadership” individuals were the targets. According to company representatives, there is currently no proof that “production systems, source code, customer environments, or AI systems” were accessed.

The corporation is acting to “immediately” improve the security of “Microsoft-owned legacy systems and internal business processes,” even though it claims the attack “was not the result of a vulnerability in Microsoft products or services.” It also said that the modifications “will probably cause some level of disruption.”
