Microsoft said on Friday that a Russian state-sponsored group penetrated its corporate systems on January 12 and stole some emails and documents from employees’ accounts.
The company said the Russian group was able to access a “very small percentage” of Microsoft corporate email accounts, including members of its senior leadership team and employees in cybersecurity, legal and other functions.
Microsoft’s threat research team regularly investigates nation-state hackers such as Russia’s “Midnight Blizzard,” which it says is responsible.
The company said its investigation of the breach indicated that the hackers were initially targeting Microsoft to learn what the technology giant knew about their operations.
The company said hackers used a “password spray attack” from November 2023 to break into the Microsoft platform. Hackers use this technique to infiltrate company systems by using the same compromised password against multiple related accounts.
The Russian Embassy in Washington and the Foreign Ministry did not immediately respond to requests for comment.
Microsoft said it investigated the incident and disrupted the malicious activity, blocking the group’s access to its systems.
“This attack highlights the continued risk posed to all organizations from affluent nation-state threat actors like Midnight Blizzard,” the company said, noting that the attack was not the result of any specific vulnerabilities in its products or services.
“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” the company’s blog reads.
Microsoft’s disclosure follows a new regulatory requirement imposed by the US Securities and Exchange Commission (SEC) in December that orders publicly owned companies to promptly disclose cyber incidents. Affected companies must file a report about the impact of the hack within four business days of discovery – disclosing to the government the timing, scope and nature of the breach.
Midnight Blizzard is also known as APT29, Nobelium or Cozy Bear by cybersecurity researchers and is linked to Russia’s SVR spy agency, according to US officials. The group is known for infiltrating the Democratic National Committee around the 2016 US election.
Microsoft products are widely used in the US government. The company faced criticism for its security practices last year when Chinese hackers stole emails belonging to senior US State Department officers.