Russian Government-Linked Hackers Successfully Breach Microsoft – Stealing Email Data of Senior Executives

A hacking group affiliated with the Russian government successfully breached the corporate network of Microsoft, the company disclosed late Friday. Emails and attachments belonging to senior executives and individuals in the cybersecurity and legal departments were pilfered in the attack.

The APT group, identified as Midnight Blizzard/Nobelium, executed a password spray attack to compromise a legacy non-production test tenant account, establishing a foothold. The attackers then used the account’s permissions to infiltrate a limited number of Microsoft corporate email accounts.

In a filing with the Securities and Exchange Commission (SEC), Microsoft stated, “[They] exfiltrated some emails and attached documents.” The company’s security team detected the nation-state attack on January 12, 2024, with the origins traced back to November 2023.

Among the victims were members of Microsoft’s senior leadership team. Notably, the hackers initially targeted email accounts in search of information about the company’s awareness of the APT operation.

Importantly, Microsoft emphasized that the breach was not a result of vulnerabilities in its products or services. The company said there is no evidence indicating the threat actor accessed customer environments, production systems, source code, or AI systems. Microsoft committed to informing customers if any action is necessary.

To address the situation, Microsoft announced immediate measures to apply its current security standards to legacy systems and internal processes. Acknowledging the potential disruption, the company stated, “We will act immediately… even when these changes might cause disruption to existing business processes,” adding that adjustments will be made to adapt to the new security landscape.

Microsoft is actively continuing its investigation and expressed its commitment to taking further actions based on the investigation’s outcomes. The company also emphasized its collaboration with law enforcement and relevant regulators in addressing the incident.

Luke Simmonds

Blogger at www.systemtek.co.uk
