Categories: Technology

State-Backed Russian Hackers Breach Microsoft Email System

In a recent blog post, Microsoft revealed that state-backed Russian hackers successfully broke into its corporate email system and gained access to various accounts. The intrusion reportedly began in late November but was only discovered on January 12th. This highly skilled hacking team, believed to be responsible for the SolarWinds breach, targeted the accounts of the company’s leadership team, as well as employees from the cybersecurity and legal departments. While Microsoft stated that only a small percentage of accounts were accessed, some emails and attached documents were stolen as a result. The company spokesperson did not provide specific details regarding which members of the senior leadership team were affected by the breach.

Response and Investigation

Upon discovering the breach, Microsoft promptly took action to remove the hackers’ access from the compromised accounts. By January 13th, the necessary security measures were implemented. The company is currently in the process of notifying employees whose email accounts may have been accessed during the incident. Additionally, Microsoft clarified that the hacking team was primarily targeting email accounts in search of information related to their activities.

Microsoft’s disclosure of this breach comes shortly after the implementation of a new U.S. Securities and Exchange Commission (SEC) rule. Under this rule, publicly traded companies are required to disclose any breaches that could potentially negatively impact their business. They must do so within four days, unless they receive a national-security waiver. In Microsoft’s recent regulatory filing with the SEC, it stated that, as of the filing date, the incident had not caused a material impact on its operations. However, the company has not yet determined whether the breach will have a significant financial impact.

The Hackers’ Methods

According to Microsoft, the Russian hackers gained access to the corporate email system by compromising credentials on a “legacy” test account that had outdated code. They then utilized the permissions of this account to access the accounts of the senior leadership team and others within the organization. The hacking technique employed by the threat actors is known as “password spraying.” This technique involves using a single common password to attempt to log into multiple accounts. Microsoft previously highlighted this method in an August blog post, revealing that the same Russian hacking team had attempted to steal credentials from numerous global organizations through Microsoft Teams chats.

Reassurance and Attribution

Microsoft emphasized that the breach was not a result of any vulnerabilities in its products or services. To date, there is no evidence indicating that the hackers gained access to customer environments, production systems, source code, or AI systems. If any necessary action is required from customers, Microsoft has assured that they will be promptly notified. The hacking unit behind this breach is referred to as Midnight Blizzard by Microsoft, while cyber security firm Mandiant, owned by Google, calls the group Cozy Bear. It’s worth noting that prior to rebranding, Microsoft had referred to this group as Nobelium.

Microsoft described the SolarWinds hacking campaign, believed to be orchestrated by the same group, as the most sophisticated nation-state attack in history. This campaign targeted not only U.S. government agencies but also more than 100 private companies and think tanks, including software and telecommunications providers. The primary focus of the Russian intelligence agency, known as SVR, is intelligence-gathering, primarily targeting governments, diplomats, think tanks, and IT service providers in the U.S. and Europe.

The breach of Microsoft’s corporate email system by state-backed Russian hackers highlights the persistent and evolving threats posed by cyber actors. The company’s rapid response and ongoing investigation demonstrate their commitment to addressing and mitigating such incidents. It serves as a reminder to organizations of all sizes to prioritize robust cybersecurity measures to protect sensitive information and maintain operational resilience in the face of growing cyber threats.

adam1

Recent Posts

Tackling Forever Chemicals: A Revolutionary Breakthrough in Water Treatment Technology

The presence of per- and polyfluoroalkyl substances (PFAS), often dubbed "forever chemicals," has raised significant…

6 hours ago

Navigating the Future of Energy Storage: Innovations Beyond Lithium

The energy storage sector is undergoing a transformative phase, pushed by growing demands for sustainable…

8 hours ago

The Unseen Forces of Evolution: How Geological Changes Shaped Marine Life

Recent research spearheaded by scientists at the University of Southampton has illuminated the complex interplay…

8 hours ago

The Next Wave: Preparing for Future Infectious Diseases in a Post-COVID Era

The COVID-19 pandemic served as a stark reminder of the fragility of human health in…

10 hours ago

Capturing Earth from Above: The Stunning Photography of the International Space Station

Space exploration has made remarkable advancements, serving not only to expand our knowledge of the…

10 hours ago

Unveiling the Mysteries of Higher-Order Topological Quantum Magnets

Recent advancements in the field of quantum physics have opened doors to understanding and manipulating…

11 hours ago

This website uses cookies.