Microsoft executives spied on by state-sponsored Russian hackers

Microsoft revealed on Friday that on January 12, a hacker group supported by the Russian state broke into its corporate systems and took some documents and emails from employee accounts.

The company said that the Russian group had access to “a very small percentage” of Microsoft corporate email accounts, including those of its senior leadership team and staff members working in its legal, cybersecurity, and other departments.

Microsoft’s threat research team regularly investigates nation-state hackers such as Russia’s “Midnight Blizzard,” the group it says is to blame.

According to the company, its investigation into the breach revealed that the hackers’ initial goal was to find out what information the massive tech company had about their operations.

The company said the hackers used a “password spray attack” starting in Nov. 2023 to breach a Microsoft platform. Hackers use this technique to infiltrate a company’s systems by using the same compromised password against multiple related accounts.
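From the defender's side, the pattern described above shows up in sign-in logs as one source failing against many different accounts with only a try or two per account. The following Python is an added example, not code from Microsoft or the original article; the event tuple format, the thresholds and the sample data are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (timestamp, source IP, account, result).
# IPs are documentation ranges and account names are invented.
def _ev(minute, src, account, result="FAIL"):
    return (f"2023-11-20T02:{minute:02d}:00", src, account, result)

SAMPLE_EVENTS = (
    # Spray: one source, one failed try against each of six accounts.
    [_ev(i, "203.0.113.7", a) for i, a in enumerate(
        ["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [_ev(7, "203.0.113.7", "grace", "SUCCESS")]
    # Brute force against one account: many tries, a single target.
    + [_ev(i, "198.51.100.9", "admin") for i in range(10, 18)]
    # Ordinary typo followed by a good sign-in.
    + [_ev(20, "192.0.2.4", "alice"), _ev(21, "192.0.2.4", "alice", "SUCCESS")]
)

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Map each source IP to the accounts it sprayed: failures inside one
    sliding window that hit many accounts with few tries per account."""
    failures = defaultdict(list)
    for ts, src, account, result in events:
        if result == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for src, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            counts = Counter(acct for _, acct in items[start:end + 1])
            if (len(counts) >= min_accounts
                    and max(counts.values()) <= max_per_account
                    and len(counts) > len(flagged.get(src, []))):
                flagged[src] = sorted(counts)
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts that a flagged source signed in to successfully."""
    return sorted({acct for _, src, acct, res in events
                   if res == "SUCCESS" and src in flagged})

if __name__ == "__main__":
    hits = detect_spray(SAMPLE_EVENTS)
    print(hits, accounts_to_reset(SAMPLE_EVENTS, hits))
```

The per-account cap is what separates a spray from the brute-force source in the sample, which hammers a single account and is left to ordinary lockout rules.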

The Russian Embassy in Washington and Ministry of Foreign Affairs did not immediately respond to a request for comment.

Microsoft said it investigated the incident and disrupted the malicious activity, blocking the group’s access to its systems.

“This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” the company said, noting that the attack was not the result of a specific vulnerability in its products or services.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” a company blog reads.

Microsoft’s disclosure follows a new regulatory requirement implemented by the U.S. Securities and Exchange Commission (SEC) in December that requires publicly owned companies to promptly disclose cyber incidents. Affected companies must file a report about a hack’s impact within four business days of discovery – disclosing the time, scope and nature of the breach to the government.

Midnight Blizzard is also known as APT29, Nobelium or Cozy Bear by cybersecurity researchers and is linked to Russia’s SVR spy agency, according to U.S. officials. The group is best known for its intrusions of the Democratic National Committee surrounding the 2016 U.S. election.

Microsoft products are widely used across the U.S. government. The company faced criticism last year for its security practices after Chinese hackers stole emails belonging to senior U.S. State Department officials.

(with inputs from Reuters)

Published on: January 20, 2024 09:41:28 IST

