Microsoft Hacked by Russia-Sponsored Group: Latest Cybersecurity Breach | | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Microsoft has announced that its corporate systems were hacked by a Russian state-sponsored group on January 12. The hackers were able to access a small percentage of Microsoft corporate email accounts, including those of senior leadership and employees in cybersecurity and legal departments.
Hackers who allegedly targeted Microsoft
Microsoft’s threat research team, responsible for investigating nation-state hackers, says that it identified the group as ‘Midnight Blizzard,’ believed to be linked to Russia.
‘Midnight Blizzard,’ also known as APT29, Nobelium, or Cozy Bear, is associated with Russia’s SVR spy agency and has previously targeted the Democratic National Committee during the 2016 US election, news agency Reuters reported.
The investigation revealed that the hackers targeted Microsoft to gather information about their own operations.
They employed a technique called ‘password spray attack’ starting in November 2023. This technique involved using the same compromised password across multiple accounts to infiltrate the company’s systems.
What Microsoft has to say
Upon discovering the breach, Microsoft promptly investigated and disrupted the malicious activity, cutting off the hackers’ access to its systems. The company clarified that the attack was not the result of any specific vulnerability in its products or services.
“This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” the company said.
“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” it added..
Microsoft’s disclosure comes after a new regulatory requirement by the US Securities and Exchange Commission (SEC) that mandates prompt reporting of cyber incidents by publicly-owned companies. Affected companies must file a report within four business days of discovery, providing details of the breach to the government.
Microsoft products are widely used in the U.S. government, and the company has faced criticism in the past for its security practices.

!(function(f, b, e, v, n, t, s) {
function loadFBEvents(isFBCampaignActive) {
if (!isFBCampaignActive) {
(function(f, b, e, v, n, t, s) {
if (f.fbq) return;
n = f.fbq = function() {
n.callMethod ? n.callMethod(…arguments) : n.queue.push(arguments);
if (!f._fbq) f._fbq = n;
n.push = n;
n.loaded = !0;
n.version = ‘2.0’;
n.queue = [];
t = b.createElement(e);
t.async = !0;
t.defer = !0;
t.src = v;
s = b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t, s);
})(f, b, e, ‘’, n, t, s);
fbq(‘init’, ‘593671331875494’);
fbq(‘track’, ‘PageView’);

function loadGtagEvents(isGoogleCampaignActive) {
if (!isGoogleCampaignActive) {
var id = document.getElementById(‘toi-plus-google-campaign’);
if (id) {
(function(f, b, e, v, n, t, s) {
t = b.createElement(e);
t.async = !0;
t.defer = !0;
t.src = v; = ‘toi-plus-google-campaign’;
s = b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t, s);
})(f, b, e, ‘’, n, t, s);

function loadSurvicateJs(allowedSurvicateSections = []){
const section = window.location.pathname.split(‘/’)[1]
const isHomePageAllowed = window.location.pathname === ‘/’ && allowedSurvicateSections.includes(‘homepage’)

if(allowedSurvicateSections.includes(section) || isHomePageAllowed){
(function(w) {
var s = document.createElement(‘script’);
s.async = true;
var e = document.getElementsByTagName(‘script’)[0];
e.parentNode.insertBefore(s, e);


window.TimesApps = window.TimesApps || {};
var TimesApps = window.TimesApps;
TimesApps.toiPlusEvents = function(config) {
var isConfigAvailable = “toiplus_site_settings” in f && “isFBCampaignActive” in f.toiplus_site_settings && “isGoogleCampaignActive” in f.toiplus_site_settings;
var isPrimeUser = window.isPrime;
if (isConfigAvailable && !isPrimeUser) {
} else {
var JarvisUrl=””;
window.getFromClient(JarvisUrl, function(config){
if (config) {


Click Here For The Original Story From This Source.

National Cyber Security