BOSTON (AP) – State-sponsored Russian hackers infiltrated Microsoft's corporate email systems and accessed the accounts of members of the company's executive team and of employees on its cybersecurity and legal teams, the company said Friday.
Microsoft said in a blog post that the intrusion began in late November and was discovered on Jan. 12. It said the same highly skilled Russian hacking team behind the SolarWinds breach was responsible.
The company said a “small number” of Microsoft corporate accounts were accessed and that some emails and attachments were stolen.
A company spokesperson said Microsoft had no immediate comment on which or how many senior executives' email accounts were compromised. Microsoft said in a regulatory filing Friday that it removed the hackers' access to the compromised accounts around Jan. 13.
Microsoft said it was “in the process of notifying employees whose email was accessed,” and that its investigation indicated the hackers were initially targeting email accounts for information related to their own activities, that is, what Microsoft knew about the group.
Microsoft's disclosure comes a month after a new U.S. Securities and Exchange Commission rule took effect requiring public companies to disclose cybersecurity breaches that could harm their business. Companies have four business days from determining that a breach is material to disclose it, unless they obtain a national security exemption.
In an SEC regulatory filing on Friday, Microsoft said that “as of the date of this filing, this incident has not had a material impact on the company's operations.” However, it added that it had not determined whether the incident was “reasonably likely to have a material impact” on its finances.
Redmond, Washington-based Microsoft said hackers from Russia's foreign intelligence agency, the SVR, gained access by compromising the credentials of a “legacy” test account, suggesting it ran outdated code. After gaining that foothold, they used the account's permissions to reach the accounts of the senior leadership team and others. The brute-force technique the hackers used is called “password spraying.”
In a password spray, attackers try a single common password against many accounts rather than many passwords against one, so no single account accumulates enough failures to trigger a lockout. In an August blog post, Microsoft explained how its threat intelligence team discovered the same Russian hacking team using the technique to try to steal credentials from at least 40 different global organizations through Microsoft Teams chats.
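The distinction drawn above between password spraying and account-by-account brute force is exactly what makes spraying hard to catch with per-account lockouts. The following Python is an added example, not Microsoft's detection logic or anything from the page's sources. It runs over constructed sign-in events (the JSON-lines format, the example.test accounts, the IP addresses and the lockout threshold of 5 are all made up for illustration) and shows why a per-account failure count misses a spray while a per-source count of distinct failed accounts within a short window catches it, and singles out any account that succeeded inside the spray window, since a spray that lands is the one worth paging on.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified sign-in events (JSON lines); not real telemetry.
# 203.0.113.7 sprays one password across eight accounts and lands on a
# legacy test account; 192.0.2.9 hammers a single account (classic brute
# force); 198.51.100.4 is a user who mistyped a password once.
SAMPLE_LOG = """
{"ts": "2024-01-10T02:00:01Z", "src": "203.0.113.7", "user": "alice@example.test", "result": "failure"}
{"ts": "2024-01-10T02:00:14Z", "src": "203.0.113.7", "user": "bob@example.test", "result": "failure"}
{"ts": "2024-01-10T02:00:27Z", "src": "203.0.113.7", "user": "carol@example.test", "result": "failure"}
{"ts": "2024-01-10T02:00:40Z", "src": "203.0.113.7", "user": "dave@example.test", "result": "failure"}
{"ts": "2024-01-10T02:00:53Z", "src": "203.0.113.7", "user": "erin@example.test", "result": "failure"}
{"ts": "2024-01-10T02:01:06Z", "src": "203.0.113.7", "user": "frank@example.test", "result": "failure"}
{"ts": "2024-01-10T02:01:19Z", "src": "203.0.113.7", "user": "grace@example.test", "result": "failure"}
{"ts": "2024-01-10T02:01:32Z", "src": "203.0.113.7", "user": "legacy-test@example.test", "result": "success"}
{"ts": "2024-01-10T03:10:00Z", "src": "192.0.2.9", "user": "bob@example.test", "result": "failure"}
{"ts": "2024-01-10T03:10:10Z", "src": "192.0.2.9", "user": "bob@example.test", "result": "failure"}
{"ts": "2024-01-10T03:10:20Z", "src": "192.0.2.9", "user": "bob@example.test", "result": "failure"}
{"ts": "2024-01-10T03:10:30Z", "src": "192.0.2.9", "user": "bob@example.test", "result": "failure"}
{"ts": "2024-01-10T03:10:40Z", "src": "192.0.2.9", "user": "bob@example.test", "result": "failure"}
{"ts": "2024-01-10T03:10:50Z", "src": "192.0.2.9", "user": "bob@example.test", "result": "failure"}
{"ts": "2024-01-10T08:15:00Z", "src": "198.51.100.4", "user": "heidi@example.test", "result": "failure"}
{"ts": "2024-01-10T08:15:20Z", "src": "198.51.100.4", "user": "heidi@example.test", "result": "success"}
"""


def parse_events(text):
    """Parse JSON-lines sign-in events into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def per_account_failures(events):
    """Failed sign-ins per account: the only view a per-account lockout has."""
    counts = defaultdict(int)
    for event in events:
        if event["result"] == "failure":
            counts[event["user"]] += 1
    return dict(counts)


def lockout_candidates(events, threshold=5):
    """Accounts a lockout policy of `threshold` failures (hypothetical) would lock."""
    return sorted(u for u, n in per_account_failures(events).items() if n >= threshold)


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """One alert per source that fails >= min_accounts distinct users inside `window`.

    The alert reports the densest window seen for that source and any accounts
    that succeeded inside it (the foothold, if the spray landed).
    """
    by_src = defaultdict(list)
    for event in events:
        by_src[event["src"]].append(event)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best, best_score, start = None, None, 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            failed = {e["user"] for e in span if e["result"] == "failure"}
            if len(failed) < min_accounts:
                continue
            succeeded = sorted({e["user"] for e in span if e["result"] == "success"})
            score = (len(failed), len(succeeded))  # prefer windows that also show the landing
            if best_score is None or score > best_score:
                best_score = score
                best = {
                    "src": src,
                    "window_start": evs[start]["ts"].isoformat(),
                    "distinct_failed_users": len(failed),
                    "succeeded_users": succeeded,
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("per-account lockout (>=5 failures) would lock:", lockout_candidates(evs))
    for alert in detect_spray(evs):
        print("password spray:", alert)
```

On the constructed data the lockout view locks only bob, the brute-force target, because every sprayed account saw exactly one failure; the per-source view flags 203.0.113.7 with seven distinct failed accounts and the successful legacy-test sign-in inside the same window. In production the source key would usually be the IP plus user agent or ASN, since spray tooling rotates addresses, and the window and account thresholds are tuned to the tenant's normal failure rate.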
“This attack was not caused by a vulnerability in a Microsoft product or service,” the company said in a blog post. “To date, there is no evidence that an attacker has accessed customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.”
Microsoft calls the hacking group Midnight Blizzard. It was known as Nobelium before Microsoft revised its threat-actor nomenclature last year. Mandiant, a cybersecurity company owned by Google, calls the group Cozy Bear.
In a 2021 blog post, Microsoft called the SolarWinds hacking campaign “the most sophisticated nation-state attack in history.” More than 100 private companies and think tanks, including software and communications providers, were compromised, as well as U.S. government agencies such as the Department of Justice and the Treasury Department.
The SVR's main focus is intelligence gathering. It primarily targets governments, diplomats, think tanks and IT service providers in the United States and Europe.