Microsoft Warns Organizations of Russia-Backed Hackers’ Threats Following Email Breach
Microsoft Corporation has sent out alerts to various organizations, notifying them that they are potential targets of the Russian-sponsored hacking group known as Midnight Blizzard or Cozy Bear. This is the same group that breached the email accounts of Microsoft executives late last year. The warnings came after Midnight Blizzard’s recent activities extended beyond Microsoft, with Hewlett Packard Enterprise Co. also reporting a breach in its cloud-based email system and attributing it to this hacking group.
In a blog post by Microsoft’s Threat Intelligence team, it was revealed that Midnight Blizzard has been targeting a range of organizations. Microsoft has taken proactive steps to initiate notification processes for these targeted entities. The breach in Hewlett Packard Enterprise’s email system serves as evidence of the broader reach of this hacking group.
Microsoft previously disclosed that Midnight Blizzard gained access to a small number of email accounts, including those of senior leadership and employees in cybersecurity and legal roles, by compromising a legacy non-production test tenant account. Surprisingly, this compromised email account lacked multifactor authentication, which is a standard security measure.
Hewlett Packard Enterprise (HPE) was notified about the breach in its email systems on December 12. Investigators suspect that the hackers, who have been identified as Russia’s SVR foreign intelligence agency, accessed and exfiltrated data as early as May. The primary targets were a small percentage of HPE mailboxes belonging to employees in cybersecurity and other departments.
The breach in Microsoft’s systems occurred when the hackers compromised credentials on a legacy test account, suggesting vulnerabilities in outdated code. The United States government has linked this hacking group, also known as Nobelium, to Russia. Nobelium gained notoriety for its involvement in the massive cyber-espionage campaign against several federal agencies, including the breach of SolarWinds Corp.
Microsoft has emphasized the similarity between the recent breach and the SolarWinds hacking campaign, which is considered the most sophisticated nation-state attack in history. The SVR’s main focus is intelligence-gathering, with targets ranging from governments and diplomats to think tanks and IT service providers in the US and Europe.
The recent activities of Midnight Blizzard highlight the continuous threat posed by this Russian-linked hacking group. Organizations must remain vigilant and take necessary security measures to protect their systems from such sophisticated cyber attacks.
In conclusion, Microsoft’s alerts to organizations about the threats posed by Midnight Blizzard or Cozy Bear, a Russian-backed hacking group, serve as a timely warning for potential targets. The breach in Hewlett Packard Enterprise’s email system further confirms the expanding reach of this hacking group. As cyber threats become increasingly sophisticated, organizations need to prioritize their cybersecurity measures to safeguard their sensitive information.