Russian hackers target emails of Microsoft senior leaders, company says | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Microsoft said several corporate emails were infiltrated in November by Midnight Blizzard, a Russian-backed hacking group also known as Nobelium. The same group was responsible for the breach of software company SolarWinds in 2020. EPA-EFE/JUSTIN LANE

Jan. 20 (UPI) — Microsoft said Friday that a Russian hacking group gained access to some email accounts belonging to the company’s senior leaders.

The software corporation disclosed in a regulatory filing that it detected a “nation-state attack” on its systems on Jan. 12. Microsoft identified the culprit as Midnight Blizzard, a Russian-state sponsored actor also known as Nobelium, and put a stop to the attack on Jan. 13.


According to the filing, Nobelium in November used a “password spray attack” — a method of trying commonly used passwords — to infiltrate a “legacy” account and then use that account’s permissions to access a “very small percentage” of corporate email accounts.

The hacker group infiltrated email accounts belonging to Microsoft senior leadership, as well as employees in cybersecurity, legal and other departments, the company said.

Microsoft said Nobelium was initially searching for information regarding the group itself. There was no evidence that the group had any access to customer accounts or AI systems. Microsoft said it is currently notifying employees whose emails were accessed, and it will notify customers if any action is required on their end.

The company said the attack was not due to a vulnerability in its products or services, but it did highlight the continuous risk organizations face from “well-resourced nation-state threat actors” like Nobelium.

Nobelium also orchestrated the infamous 2020 attack on government software contractor SolarWinds, by which it sought to breach numerous government agencies, including the Pentagon.

Microsoft’s report follows new government requirements for disclosing cybersecurity incidents. Under the new rules, companies must disclose any cybersecurity incident they deem to have a “material impact” and the scope and nature of that impact.

The company said it did not believe the attack had any material impact, but it still wanted to “honor the spirit” of the new rules.


Click Here For The Original Story From This Source.

National Cyber Security