Cybersecurity: Russia-sponsored hackers breach Microsoft systems

Microsoft has announced that on January 12, a state-sponsored group from Russia, “Midnight Blizzard,” successfully breached its corporate systems, gaining unauthorized access to staff accounts and stealing some emails and documents.

According to the company, the Russian group managed to infiltrate a limited number of Microsoft corporate email accounts, constituting only a “very small percentage.” These compromised accounts included those of the senior leadership team as well as employees in crucial departments such as cybersecurity, legal, and various other functions.

Microsoft’s threat research team routinely investigates nation-state hackers. The company said its probe into the breach indicated the hackers were initially targeting Microsoft to learn what the technology giant knew about their operations.

The company revealed that, commencing in November 2023, hackers employed a “password spray attack” to breach a Microsoft platform. This method involves infiltrating a company’s systems by leveraging a compromised password across numerous interconnected accounts.

The Russian Embassy in Washington and the Ministry of Foreign Affairs did not immediately respond to a request for comment.

Microsoft said it investigated the incident and disrupted the malicious activity, blocking the group’s access to its systems.

Also Read: EU plans $1.2 billion to counter cybersecurity threats

“This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” the company said, noting that the attack was not the result of a specific vulnerability in its products or services.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” a company blog reads.

Microsoft’s disclosure follows a recent regulatory mandate introduced by the U.S. Securities and Exchange Commission (SEC) in December. This directive compels publicly-owned companies to expeditiously disclose cyber incidents. In adherence to this requirement, affected companies are obligated to file a report detailing the impact of a hack within four business days of its discovery. This report must encompass crucial details, including the timing, scope, and nature of the breach, and it must be submitted to the government for comprehensive disclosure.

Midnight Blizzard is also known as APT29, Nobelium or Cozy Bear by cybersecurity researchers and is linked to Russia’s SVR spy agency, according to U.S. officials. The group is best known for its intrusions into the Democratic National Committee surrounding the 2016 U.S. election.

Microsoft’s products are extensively utilized throughout the U.S. government. The company came under scrutiny last year due to concerns about its security practices, particularly following an incident where Chinese hackers successfully pilfered emails belonging to senior U.S. State Department officials.