
Microsoft Breached by Russian State-Sponsored Hackers

The group was responsible for cyberattacks during the 2016 presidential election

Microsoft reported on Friday that a Russian state-sponsored group of hackers breached its corporate systems on January 12 and stole emails and documents from staff accounts.

The Russian hacker group was able to access “a very small percentage” of Microsoft corporate email accounts, including members of its senior leadership team and employees in its cybersecurity, legal, and other functions, the company said.

Microsoft’s threat research team routinely investigates nation-state hackers, including Russia’s “Midnight Blizzard,” which the team claims is responsible.

The Russian Hackers Wanted to Find Out How Much Microsoft Knew

According to the company’s investigation into the breach, the hackers initially targeted Microsoft to learn what the technology giant knew about their operations.

According to the company, the Russian hackers breached a Microsoft platform through a “password spray attack” that began in November 2023. Hackers use this technique to infiltrate a company’s systems by trying the same compromised password on multiple accounts.
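From the defender's side, the pattern described above shows up in sign-in logs as one source failing once or twice against many different accounts. The following detection sketch is an added example, not code from Microsoft or the original article; the log format, addresses, account names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp, source IP, account, result
SAMPLE_LOG = """\
2023-11-20T09:00:01 203.0.113.7 alice FAIL
2023-11-20T09:00:09 203.0.113.7 bob FAIL
2023-11-20T09:00:17 203.0.113.7 carol FAIL
2023-11-20T09:00:25 203.0.113.7 dave FAIL
2023-11-20T09:00:33 203.0.113.7 frank OK
2023-11-20T09:05:00 198.51.100.4 erin FAIL
2023-11-20T09:05:05 198.51.100.4 erin FAIL
2023-11-20T09:05:10 198.51.100.4 erin FAIL
2023-11-20T09:05:15 198.51.100.4 erin FAIL
2023-11-20T09:05:20 198.51.100.4 erin OK
"""

def parse(log):
    """Turn whitespace-separated log lines into (time, source, user, result) tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            events.append((datetime.fromisoformat(ts), src, user, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Flag sources that fail against many accounts with few tries per account."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        for i, (start, *_) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            fails = defaultdict(int)
            for _, _, user, result in in_win:
                if result == "FAIL":
                    fails[user] += 1
            # Many distinct accounts, low count per account: spray, not brute force
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                hits = sorted({u for _, _, u, r in in_win if r == "OK"})
                findings[src] = {"targeted": sorted(fails), "succeeded": hits}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

The second source in the sample hammers a single account and is deliberately not flagged, since lockout and per-account failure alerts cover that case. Any account listed under `succeeded` is the first candidate for a credential reset and session review.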

The Russian Embassy in Washington and the Ministry of Foreign Affairs did not immediately respond to requests for comment.

Microsoft said it investigated the incident and stopped the malicious activity, denying the group access to its systems.

“This attack does highlight the continued risk posed to all organizations by well-resourced nation-state threat actors like Midnight Blizzard,” the company stated, noting that the attack was not because of any specific vulnerability in its products or services.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” according to a blog post by the company.

The group is responsible for the 2016 presidential election cyberattacks.

Microsoft’s disclosure comes in response to a new regulatory requirement imposed by the United States Securities and Exchange Commission, which requires publicly traded companies to promptly disclose cyber incidents. Affected companies must report the impact of a hack to the government within four business days of discovery, including the time, scope, and nature of the breach.

Midnight Blizzard is also known as APT29, Nobelium, or Cozy Bear by cybersecurity researchers and is linked to Russia’s SVR spy agency, according to U.S. officials. The group is best known for infiltrating the Democratic National Committee during the 2016 presidential election.

Microsoft products are widely used across the U.S. government. The company faced criticism last year for its security practices after Chinese hackers stole emails belonging to senior U.S. State Department officials.
