Technology giant Microsoft said in a recent disclosure that state-sponsored Russian hackers infiltrated its corporate email system, the Associated Press reported. The breach affected the accounts of senior leadership members and of employees in the cybersecurity and legal departments, it added.
The intrusion began in late November 2022, and Microsoft detected it on January 12th. The threat actor was identified as the same highly skilled Russian hacker team responsible for the SolarWinds breach.
Microsoft said only a “small percentage” of corporate accounts were accessed. This breach resulted in the theft of some emails and attachments.
Affected Leadership Accounts
Microsoft did not immediately say which members of senior leadership had their email accounts compromised, but said it was in the process of notifying affected employees.
Microsoft was able to remove the hackers' access from the compromised accounts around January 13th. The company suggested that the hackers initially targeted the email accounts in search of information related to their own activity, and highlighted its continued investigation into the incident.
In accordance with new rules from the United States Securities and Exchange Commission (US SEC), Microsoft filed a regulatory report on January 19th. The report states that the incident did not have a material impact on the company's operations as of the reporting date. However, the financial impact is not yet known.
Access methods and techniques
The hackers, identified as Russia's SVR foreign intelligence agency, gained access by compromising the credentials of a “legacy” test account, hinting at outdated code. The attackers used a technique called “password spraying,” a form of brute-force attack in which a single common password is tried against many accounts rather than many passwords against one.
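As an added illustration of the detection side of password spraying (example code, not from Microsoft's disclosure or the AP report), the Python below flags a source whose failed logins are spread across many distinct accounts within a short window, the pattern that distinguishes spraying from per-account brute force and that per-account lockout counters miss. The log format, addresses, usernames and timestamps are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the Microsoft disclosure), one event per
# line: "<ISO timestamp> <source_ip> <username> <FAIL|OK>"
SAMPLE_LOG = """\
2024-01-12T08:00:01 203.0.113.7 alice FAIL
2024-01-12T08:00:04 203.0.113.7 bob FAIL
2024-01-12T08:00:07 203.0.113.7 carol FAIL
2024-01-12T08:00:09 203.0.113.7 dave FAIL
2024-01-12T08:00:12 203.0.113.7 test-legacy OK
2024-01-12T08:00:15 203.0.113.7 erin FAIL
2024-01-12T08:01:00 198.51.100.2 frank FAIL
2024-01-12T08:01:05 198.51.100.2 frank OK
2024-01-12T08:02:00 192.0.2.9 svc-backup FAIL
2024-01-12T08:02:01 192.0.2.9 svc-backup FAIL
2024-01-12T08:02:02 192.0.2.9 svc-backup FAIL
"""

def parse_log(text):
    """Parse the constructed format into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {ip: sorted usernames} for sources whose failed logins touch at
    least min_accounts distinct accounts inside any sliding time window."""
    fails_by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))
    hits = {}
    for ip, fails in fails_by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_accounts:
                hits[ip] = sorted(users)
                break
    return hits

def compromised_after_spray(events, hits):
    """Accounts that logged in successfully from a flagged spraying source."""
    return sorted({u for _, ip, u, r in events if r == "OK" and ip in hits})
```

The single-account burst from 192.0.2.9 is classic brute force and is not flagged here; the source spraying five accounts is, and the one account it then logged into is the follow-up lead an analyst would pull.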
Microsoft calls this hacking group Midnight Blizzard (previously known as Nobelium). Cybersecurity company Mandiant, a subsidiary of Google, tracks the group as Cozy Bear.
Microsoft emphasized that the breach has similarities to the SolarWinds hacking campaign, which is considered the “most sophisticated nation-state attack in history.” The SVR focuses primarily on intelligence gathering and targets governments, diplomats, think tanks, and IT service providers in the United States and Europe.
In its disclosure, Microsoft assured that the breach was not due to vulnerabilities in its products or services. At this time, there is no evidence to suggest access to customer environments, production systems, source code, or AI systems. The company also promised to notify customers if further action is required.