Microsoft Reveals Cyber Attack by Russian-Linked Group on Email Accounts
Microsoft Corp., led by CEO Satya Nadella, has disclosed a cyber attack on its email accounts carried out by a Russian-linked group called Midnight Blizzard. The attack impacted a limited number of email accounts, including those belonging to senior leadership, cybersecurity, and legal personnel.
Taking swift action to address the breach, Microsoft is particularly focusing on older systems, which may experience some disruption. The company clarified that the hacking group did not gain access to customer systems or servers hosting outward-facing products. Furthermore, there is no evidence to suggest compromise of source code or artificial intelligence systems.
According to a statement from the Microsoft Security Response Center, the threat actor utilized a password spray attack to gain entry into a legacy non-production test tenant account back in late November 2023. From there, they leveraged the account’s permissions to access a small percentage of Microsoft corporate email accounts, including senior leadership and employees from various functions such as cybersecurity and legal. The attackers managed to exfiltrate some emails and attached documents.
Midnight Blizzard, also known as Nobelium, is a highly sophisticated hacking group associated with Russia. This group has been previously implicated in the SolarWinds cyber-espionage effort targeting US federal agencies.
The breach commenced in November, deploying a technique known as password spray attack. This method involves rapidly attempting multiple passwords on specific usernames in order to gain unauthorized access to targeted corporate accounts. Along with unauthorized account access, the attackers also obtained emails and attached documents. Microsoft detected the hack on January 12 and is currently notifying the affected employees.
Microsoft is closely collaborating with the US Cybersecurity and Infrastructure Security Agency to assess the impact of the incident and safeguard potential victims. As a frequent target of major hacking campaigns, the company previously faced a 2023 intrusion attributed to hackers linked to China.
In a post-breach interview, Jen Easterly, the director of the US Cyber Safety Review Board, urged Microsoft to prioritize security over new features. Easterly emphasized the importance of being secure by default and secure by design.
Microsoft announced a comprehensive overhaul of its security measures in November following a series of high-profile hacks. The recent cyber attack underscores the urgent need for accelerated changes, particularly for older systems and products.
In conclusion, Microsoft has disclosed a cyber attack carried out by a Russian-linked group on its email accounts. The company is swiftly addressing the breach and working to minimize any disruption. As the investigation continues, Microsoft will continue collaborating with relevant authorities to protect potential victims and enhance its cybersecurity protocols.
