Microsoft (NASDAQ: MSFT) recently disclosed that a Russian state-sponsored hacking group, known as Midnight Blizzard or Nobelium, infiltrated its corporate email system. This breach, which began in late November 2023 and was discovered on January 12, 2024, resulted in unauthorized access to a small percentage of internal email accounts, including those of senior leadership and employees in cybersecurity and legal departments.
The hackers extracted emails and documents, primarily seeking information related to their own activities. Microsoft is notifying affected employees and asserts that there’s no evidence of hackers accessing customer environments, production systems, source code, or AI systems. The incident is under investigation, in collaboration with law enforcement.
Why it matters: This attack on Microsoft transcends simple data theft – it represents a sophisticated exercise in targeted intelligence gathering. By strategically focusing on the email accounts of the company’s senior leadership and critical departments such as cybersecurity and legal, the attackers demonstrate a profound interest in deciphering and potentially compromising Microsoft’s internal defense strategies and responses to cyber threats.
- The same Russian state-sponsored hacking group that hacked Microsoft’s corporate email system was also responsible for the 2020 SolarWinds breach. This group is known for its sophisticated cyber espionage tactics, targeting significant entities in both the private and government sectors. Their involvement in both the SolarWinds and Microsoft breaches highlights their continued focus on high-profile, strategic intelligence gathering.
- The hackers used a tactic referred to as “password spraying”. This technique involves using common passwords to try to access a large number of accounts, exploiting weak password practices.
- Microsoft is complying with a new U.S. SEC rule requiring disclosure of business-impacting breaches. The company reported that, as of the filing date, the incident has not significantly affected its operational activities. However, it also noted that it has not yet concluded whether the incident could have a substantial impact on its financial situation.
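Password spraying, as described in the list above, leaves a recognizable trace in sign-in logs: one source fails against many different accounts while trying each account only once or twice. The following detection sketch is an added example, not taken from Microsoft's disclosure; the event format, account names, IP addresses and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def _t(hhmm):
    # Helper for the constructed sample data below (date is arbitrary).
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample sign-in events: (time, source IP, account, succeeded)
SAMPLE_EVENTS = [
    (_t("09:00"), "203.0.113.10", "alice", False),
    (_t("09:01"), "203.0.113.10", "bob", False),
    (_t("09:02"), "203.0.113.10", "carol", False),
    (_t("09:03"), "203.0.113.10", "dave", False),
    (_t("09:04"), "203.0.113.10", "erin", False),
    (_t("09:05"), "203.0.113.10", "frank", True),
    # One user mistyping their own password: many failures, one account.
    (_t("09:10"), "198.51.100.7", "grace", False),
    (_t("09:11"), "198.51.100.7", "grace", False),
    (_t("09:12"), "198.51.100.7", "grace", False),
    (_t("09:13"), "198.51.100.7", "grace", True),
]

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Flag sources whose failures inside one time window are spread over
    many accounts (>= min_accounts) with few tries per account."""
    by_source = defaultdict(list)
    for ts, src, account, ok in sorted(events):
        by_source[src].append((ts, account, ok))

    findings = {}
    for src, rows in by_source.items():
        fails = [(ts, acct) for ts, acct, ok in rows if not ok]
        for i, (start, _) in enumerate(fails):
            # Failures per account in the window opening at this failure.
            counts = Counter(a for ts, a in fails[i:] if ts - start <= window)
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                # Successful sign-ins from the same source after the spray
                # began are the accounts to review and reset first.
                hits = sorted({a for ts, a, ok in rows if ok and ts >= start})
                findings[src] = {"targeted": sorted(counts), "succeeded": hits}
                break
    return findings

if __name__ == "__main__":
    for src, info in detect_spray(SAMPLE_EVENTS).items():
        print(src, info)
```

The `succeeded` list is the part that matters most for response: those accounts authenticated from the spraying source and should be treated as compromised until reviewed.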
Microsoft says state-sponsored Russian hacking group accessed email accounts of senior leaders – CNN
State-backed Russian hackers accessed senior leaders’ emails, Microsoft says – OPB