Microsoft late Friday disclosed that the email accounts of some of the company’s senior leadership team have been accessed by hackers backed by the Russian government, allowing them to read some email messages and attached documents.
The software company said it “detected a nation-state attack on our corporate systems” on Jan. 12 “and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.”
The company identified the “threat actor” as Midnight Blizzard, “the Russian state-sponsored actor also known as Nobelium.” This isn’t the first time that Microsoft has discovered attacks on its software by Midnight Blizzard; in August the company disclosed an attack involving the use of Microsoft Teams chats, affecting small businesses.
Microsoft said that starting in late November, Midnight Blizzard used a password spray attack—the use of common passwords on multiple accounts—on a non-production test account and then “used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.”
Microsoft said its investigation found that the group was initially looking for information related to Midnight Blizzard itself. The company said the attack “was not the result of a vulnerability in Microsoft products or services.”
Microsoft said that so far “there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.”
In response to the attack, Microsoft said it is “shifting the balance we need to strike between security and business risk” given the resources and funding of certain hacking groups.
“We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes,” the company said. “This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy.”
The company said it is continuing its investigation “and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators.”
Write to Eric J. Savitz at [email protected]