BOSTON — State-sponsored Russian hackers breached Microsoft’s corporate email system, gaining access to the accounts of members of the firm’s executive team, as well as staff on its cybersecurity and legal teams, the company claimed Friday.
In a blog post, the compamy stated that the breach started in late November and was discovered on January 12. It claimed that the same highly skilled Russian hacker team that caused the SolarWinds intrusion was to blame.
According to the company, only “a very small percentage” of corporate accounts were accessed, and some emails and linked documents were stolen.
Microsoft Says State-Backed Russian Hackers Accessed Emails Of Senior Leadership Team Members
A corporate representative said Microsoft had no immediate comment on who or how many members of its senior leadership had their email accounts compromised. In a regulatory filing Friday, Microsoft stated that it was able to terminate the hackers’ access to the compromised accounts on or around January 13.
“We are in the process of notifying employees whose email was accessed,” a representative said, adding that its research shows the hackers were first targeting email accounts for information about their actions.
The Microsoft revelation comes a month after a new Securities and Exchange Commission rule went into force, requiring publicly traded corporations to disclose breaches that could harm their businesses. It gives them four days to do so unless they acquire a national security waiver.
In Friday’s SEC regulatory statement, Microsoft stated that “as of the date of this filing, the incident has not had a material impact” on company operations. It said that it has not yet “determined whether the incident is reasonably likely to materially impact” its finances.
Microsoft Says State-Backed Russian Hackers Accessed Emails Of Senior Leadership Team Members
Microsoft, located in Redmond, Washington, said the hackers from Russia’s SVR foreign intelligence agency gained access by compromising credentials on a “legacy” test account, implying it contained obsolete programming. After obtaining a footing, they used the account’s rights to acquire access to the senior leadership team’s and other accounts. The hackers utilised a brute-force assault tactic known as “password spraying.”
The threat actor attempts to connect to several accounts using a single common password. In an August blog post, Microsoft revealed how its threat intelligence team uncovered that the same Russian hacker gang had used the approach to attempt to acquire credentials from at least 40 different global organisations via Microsoft Teams chat.
“The attack was not the result of a vulnerability in Microsoft products or services,” the company stated on its blog. “There is currently no evidence that the threat actor got access to customer environments, production systems, source code, or AI systems. We will alert clients if further action is required.”
Microsoft refers to the hacking unit as Midnight Blizzard. Before last year’s overhaul of its threat-actor terminology, the group was known as Nobelium. Mandiant, a cybersecurity firm owned by Google, refers to the group as “Cosy Bear.”
Microsoft Says State-Backed Russian Hackers Accessed Emails Of Senior Leadership Team Members
In a 2021 blog post, Microsoft described the SolarWinds cyber attempt as “the most sophisticated nation-state attack in history.” In addition to US government institutions such as the Justice and Treasury departments, over 100 commercial enterprises and think tanks, including software and telecommunications providers, were infiltrated.
The SVR’s major focus is intelligence gathering. It is primarily directed at governments, diplomats, think tanks, and IT service providers in the United States and Europe.
SOURCE – (AP)
