NEWS  Security  January 20, 2024  Reading time: 2 Minute(s)

Max (RS editor)

In a significant revelation, Microsoft has confirmed that a hacker group sponsored by Russia has successfully breached the email accounts of several company executives. The announcement came through a regulatory filing and was later detailed in a post on the Microsoft Security Response Center Blog.

According to the blog post, the cyberattack, attributed to the notorious hacker group known by the names Nobelium and Midnight Blizzard, utilized a password spray attack to compromise a legacy non-production test tenant account back in November 2023. The attack yielded unauthorized access to email accounts used by members of Microsoft's senior leadership team and employees in crucial functions such as cybersecurity and legal. Moreover, the attackers exfiltrated some emails and attached documents during the breach.

Microsoft, in its statement, revealed that the company only detected the attack last week, on January 12. Immediate steps were taken to mitigate the attack and prevent further access by the threat actors. Importantly, Microsoft clarified that the attack was not a result of vulnerabilities in its products or services. Additionally, there is no evidence to suggest that the threat actors had access to customer environments, production systems, source code, or AI systems.

This recent cybersecurity incident follows Microsoft's announcement in November 2023 of the Secure Future Initiative, an effort aimed at enhancing digital security in response to a separate cyberattack by Chinese hackers on Outlook-based government email accounts in the US and Europe. The initiative includes the deployment of new and improved methods, including AI-based measures, to detect cyber threats more rapidly.

In light of the recent breach, Microsoft emphasized the need to accelerate its security measures, stating:

"This has highlighted the urgent need to move even faster."

The company pledged to immediately apply its current security standards to Microsoft-owned legacy systems and internal business processes, even if such changes may cause disruption to existing operations. The company is actively collaborating with law enforcement authorities and regulators in its ongoing investigation into the cyberattack, and has committed to providing more details as the investigation progresses and as deemed appropriate.

 COVER IMAGE BY VECTORJUICE ON FREEPIK