State-backed Russian hackers breach Microsoft’s email system, says tech giant

In a recent disclosure, tech giant Microsoft reported that state-backed Russian hackers successfully infiltrated the company’s corporate email system, AP reported. The breach affected accounts of key members of the leadership team, and employees in the cybersecurity and legal departments, it added.

The intrusion commenced in late November 2022, with Microsoft detecting it on January 12. The same highly skilled Russian hacking team responsible for the SolarWinds breach was identified as the threat actor.

Microsoft clarified that only a “very small percentage” of its corporate accounts were accessed. Some emails and attached documents were stolen during the breach.

Leadership Accounts Affected

While Microsoft did not immediately disclose which senior leadership members had their email accounts breached, the company stated that it is in the process of notifying affected employees.

Microsoft was able to remove the hackers’ access from compromised accounts around January 13. The company emphasised ongoing investigations into the incident, indicating that the hackers initially targeted email accounts for information related to their activities.

In compliance with a new United States Securities and Exchange Commission (US SEC) rule, Microsoft filed a regulatory report on January 19. The filing mentioned that, as of the reporting date, the incident has not had a material impact on the company’s operations. However, the impact on its finances is yet to be determined.

Access Method and Technique

The hackers, identified as Russia’s SVR foreign intelligence agency, gained access by compromising credentials on a “legacy” test account, hinting at outdated code. Using a technique called “password spraying,” the threat actors employed a brute-force attack, attempting to log in to multiple accounts with a single common password.
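The distinguishing signal of password spraying, as described above, is one source producing a small number of failures across many different accounts rather than many failures against one account. The following detector is an added example, not code from Microsoft or the original article; the log line format, the account names and the source addresses are constructed for illustration, and a real deployment would adapt the parser to the sign-in log schema of the identity provider in use.

```python
"""Detect password-spraying patterns in authentication logs.

Added example (not code from Microsoft or the original article). The log
format and the sample lines below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed log format: "<ISO timestamp> src=<ip> user=<account> result=<ok|fail>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample: one source trying a single guess against many accounts
# (a spray, ending in one success on a test account), a second source
# hammering one account (classic single-account brute force), and an
# ordinary successful login from an unrelated source.
SAMPLE_LOG = """\
2024-01-12T09:00:01 src=203.0.113.7 user=alice result=fail
2024-01-12T09:00:03 src=203.0.113.7 user=bob result=fail
2024-01-12T09:00:05 src=203.0.113.7 user=carol result=fail
2024-01-12T09:00:07 src=203.0.113.7 user=dave result=fail
2024-01-12T09:00:09 src=203.0.113.7 user=erin result=fail
2024-01-12T09:00:11 src=203.0.113.7 user=legacy-test result=ok
2024-01-12T09:00:12 src=198.51.100.9 user=frank result=fail
2024-01-12T09:00:13 src=198.51.100.9 user=frank result=fail
2024-01-12T09:00:14 src=198.51.100.9 user=frank result=fail
2024-01-12T09:00:15 src=198.51.100.9 user=frank result=fail
2024-01-12T09:00:16 src=198.51.100.9 user=frank result=fail
2024-01-12T09:05:00 src=192.0.2.44 user=grace result=ok
"""


def parse(log_text):
    """Yield (timestamp, src, user, result) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"])


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources whose failed logins touch >= min_accounts distinct users
    within any sliding window.  Returns {src: sorted list of targeted users}.

    Spraying is separated from single-account brute force by counting
    distinct accounts per source, not total failures.
    """
    by_src = defaultdict(list)
    for ts, src, user, result in sorted(events):
        if result == "fail":
            by_src[src].append((ts, user))
    hits = {}
    for src, fails in by_src.items():
        for i, (start, _) in enumerate(fails):
            users = {u for ts, u in fails[i:] if ts - start <= window}
            if len(users) >= min_accounts:
                hits[src] = sorted(users)
                break
    return hits


def successes_after_spray(events, hits):
    """For each spraying source, list accounts that logged in successfully from it.

    This is the follow-up question an incident responder asks first: a
    success from a spraying source means a guess landed and that account
    needs a credential reset and a session review.
    """
    out = {}
    for ts, src, user, result in sorted(events):
        if src in hits and result == "ok":
            out.setdefault(src, []).append(user)
    return out


if __name__ == "__main__":
    evs = list(parse(SAMPLE_LOG))
    sprays = detect_spray(evs)
    print("spraying sources:", sprays)
    print("successful logins from spraying sources:", successes_after_spray(evs, sprays))
```

Two design points matter for this class of activity. First, thresholding on distinct accounts rather than on failure count is what keeps a spray visible even when each account sees only one or two attempts, which is exactly how a spray avoids per-account lockout. Second, the `legacy-test` line in the constructed sample shows why a success from a spraying source deserves its own alert: an unused or non-production account with a weak password is the one most likely to fall to a single common guess, and without that correlation the success looks like any other login.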

Microsoft refers to the hacking unit as Midnight Blizzard, previously known as Nobelium. Cybersecurity firm Mandiant, a subsidiary of Google, identifies the group as Cozy Bear.

Microsoft highlighted that the recent breach shares a commonality with the SolarWinds hacking campaign, considered “the most sophisticated nation-state attack in history.” The SVR primarily focuses on intelligence-gathering, targeting governments, diplomats, think tanks, and IT service providers in the US and Europe.

In its disclosure, Microsoft assured that the breach was not due to a vulnerability in its products or services. As of now, there is no evidence suggesting access to customer environments, production systems, source code, or AI systems. The company also pledged to notify customers if any further action is required.
