A hacking group linked to a Russian intelligence company accessed the emails of a number of senior Microsoft executives and different staff, the corporate disclosed Friday.
Microsoft stated it detected the assault on January 12, and has decided {that a} hacking group referred to as Midnight Blizzard or Nobelium is accountable. That’s the identical group behind the 2020 SolarWinds cyberattack. Microsoft and US cybersecurity officers Nobelium is a part of Russia’s Overseas Intelligence Service (SVR).
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the corporate wrote in a weblog put up.
The corporate didn’t determine which members of its “senior leadership” have been focused, however stated its preliminary investigation suggests the group was searching for data associated to itself. Firm officers thus far don’t have any proof that “customer environments, production systems, source code, or AI systems,” have been accessed.
Although the corporate says the assault “was not the result of a vulnerability in Microsoft products or services,” it’s taking steps to “immediately” enhance the safety of “Microsoft-owned legacy systems and internal business processes.” The adjustments “will likely cause some level of disruption,” it added.