Microsoft claims Russian state-sponsored group hacked its employees' emails

Microsoft said on Friday that a Russian state-sponsored group hacked into its corporate systems on January 12 and stole some emails and documents from the accounts of members of the company’s leadership team, as well as those of employees on its cybersecurity and legal teams.

The tech company said in a blog post that its security team detected the attack on Jan. 12 and quickly identified the group responsible: Midnight Blizzard, “the Russian state-sponsored actor also known as Nobelium.” It said the same highly skilled Russian hacking team behind the SolarWinds breach was responsible.

“A very small percentage” of Microsoft corporate accounts were accessed, the American multinational technology corporation, best known for its software products, said, and some emails and attached documents were stolen.

Microsoft’s threat research team routinely investigates nation-state hackers such as Midnight Blizzard. The company said that hackers were able to exfiltrate some emails and attached documents, though the preliminary investigation indicates that the attackers seemed to be seeking information related to Midnight Blizzard itself. That mirrors what the same group did when it used tampered software made by SolarWinds to infiltrate US agencies in 2020 — and then sought to track how the US government was responding to its intrusions.

Microsoft said it is in the process of notifying employees whose email was accessed. There is currently no evidence that the hackers had any access to customer environments or AI systems, Microsoft said.

The company reported that the attack commenced in late November 2023, with hackers establishing an initial presence through a technique known as a “password spray attack.” This method involves attempting to access numerous accounts by trying widely recognized passwords.
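The pattern described above leaves a recognizable trace in sign-in logs: one source failing against many different accounts with only a few tries per account. The following Python sketch is an added example, not code from Microsoft or from the original article; the event format, addresses, account names, timestamps and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, outcome). Not real data.
SAMPLE_EVENTS = (
    # One source, six accounts, one failure each: the spray shape.
    [(f"2023-11-28T02:{2 * i:02d}:00", "203.0.113.7", user, "fail")
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [("2023-11-28T02:14:00", "203.0.113.7", "grace", "success")]
    # One source hammering a single account: brute force, not a spray.
    + [(f"2023-11-28T03:00:{i:02d}", "198.51.100.9", "alice", "fail") for i in range(6)]
    # An ordinary user mistyping a password once.
    + [("2023-11-28T09:00:00", "192.0.2.10", "bob", "fail"),
       ("2023-11-28T09:00:20", "192.0.2.10", "bob", "success")]
)

def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_per_account=3):
    """Flag sources that fail against many distinct accounts, with few
    attempts per account, inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, src, user, outcome in events:
        by_source[src].append((datetime.fromisoformat(ts), user, outcome))

    findings = []
    for src, rows in by_source.items():
        rows.sort()
        failures = [(t, u) for t, u, o in rows if o == "fail"]
        start, best, first_seen = 0, 0, None
        for end in range(len(failures)):
            # Shrink the window from the left until it spans at most `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            per_account = Counter(u for _, u in failures[start:end + 1])
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                if first_seen is None:
                    first_seen = failures[start][0]
                best = max(best, len(per_account))
        if first_seen is not None:
            # A success from the same source after the spray began is the first account to triage.
            hits = sorted({u for t, u, o in rows if o == "success" and t >= first_seen})
            findings.append({"source": src, "accounts_targeted": best, "compromised": hits})
    return findings

if __name__ == "__main__":
    for finding in detect_password_spray(SAMPLE_EVENTS):
        print(finding)
```

Grouping by source address is a simplifying assumption, and the thresholds are illustrative values that need tuning against an environment's normal failed sign-in rate.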

The company stated that the inquiry is still underway and that it will continue to cooperate with relevant authorities and law enforcement. It also promised to release additional information to the public as it becomes available.

There was no immediate response from the Russian Embassy in Washington and the Ministry of Foreign Affairs to a request for comment. Microsoft investigated the incident and successfully thwarted the malicious activity, cutting off the threat actor’s access to its systems.


Image source: AP

