Microsoft: Russian Hackers Had Access to Executives' Emails
Computing Giant Says Hackers Did Not Access Customer Data or Production Systems

Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon.
In a filing with U.S. regulators, Microsoft disclosed a late November attack that had led to the exfiltration of email and documents from the email accounts of "senior leadership" and employees in its cybersecurity and legal departments. It detected the attack on Jan. 12 and cut off hackers' access "on or about Jan. 13."
"To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," the company said.
Microsoft fingered the Russian state hacking group it tracks as Midnight Blizzard - formerly Nobelium - also known as APT29 and CozyBear. The White House in 2021 connected the group to the Russian Foreign Intelligence Service after its hackers had inserted a backdoor into IT infrastructure software developed by SolarWinds.
A representative for Microsoft did not immediately return a request for comment clarifying what constitutes Microsoft "senior leadership."
Microsoft stock is currently down 0.42% in after-hours trading; Microsoft disclosed the incident after the market closed Friday.
The company in its regulatory disclosure said attackers had executed a password spraying attack in late November and gained access to "a legacy non-production test tenant account." Password spraying is a technique in which hackers enter the same password guess into a number of accounts in an attempt to avoid account lockout by betting that at least one user uses a previously leaked password or has one that is easy to guess.
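The spray pattern described above can be told apart from ordinary brute force in sign-in logs. The sketch below is an added example, not taken from Microsoft's filing; the events, addresses, account names and thresholds are constructed, and grouping failures by source address is an assumption.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed failed sign-in events: (timestamp, source address, account).
# Addresses come from documentation ranges; account names are made up.
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_FAILURES = (
    # One guess per account, a minute apart: the spray pattern.
    [(f"2030-01-01T09:{m:02d}:00", "203.0.113.7", u) for m, u in enumerate(USERS)]
    # Eight guesses against one account: brute force, which lockout handles.
    + [(f"2030-01-01T09:{m:02d}:30", "198.51.100.9", "alice") for m in range(8)]
    # A user mistyping their own password twice.
    + [("2030-01-01T09:03:10", "192.0.2.15", "bob"),
       ("2030-01-01T09:03:40", "192.0.2.15", "bob")]
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Map each suspicious source to the accounts it tried.

    A source is flagged when, inside one sliding window, its failures cover at
    least `min_accounts` distinct accounts with no more than `max_per_account`
    attempts against any one of them (i.e. it stays under a lockout limit).
    """
    by_source = defaultdict(list)
    for ts, source, account in events:
        by_source[source].append((datetime.fromisoformat(ts), account))

    findings = {}
    for source, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_account = Counter(acct for _, acct in rows[start:end + 1])
            is_spray = (len(per_account) >= min_accounts
                        and max(per_account.values()) <= max_per_account)
            if is_spray and len(per_account) > len(findings.get(source, [])):
                findings[source] = sorted(per_account)
    return findings

if __name__ == "__main__":
    for source, accounts in detect_spray(SAMPLE_FAILURES).items():
        print(f"{source}: {len(accounts)} accounts, e.g. {accounts[:3]}")
```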
From that foothold, hackers were able to use the account permission to access "a very small percentage of Microsoft corporate email accounts."
"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," Microsoft said.
It's too early to determine whether the incident will materially affect the company's financial condition or operations, the company told regulators. It vowed to henceforth apply current security standards to legacy systems "even when these changes might cause disruption to existing business processes."
With reporting from Information Security Media Group's Michael Novinson in Massachusetts