State-Sponsored Russian Hackers Breach Microsoft Executives’ Accounts

New York: In a recent revelation, Microsoft disclosed that a state-sponsored Russian hacker group breached its corporate systems on January 12, gaining unauthorized access to documents and emails from employee accounts. The impacted accounts included those of senior leadership, as well as staff members in legal, cybersecurity, and other departments.

Microsoft’s threat research team, responsible for investigating nation-state hackers such as Russia’s “Midnight Blizzard,” confirmed the intrusion. The company reported that, beginning in November 2023, the hackers used a “password spray attack,” a technique in which compromised passwords are systematically applied to various related accounts.

Despite the severity of the breach, Microsoft said its investigation showed the hackers’ primary objective was to ascertain the information the tech giant possessed about their operations.

The Russian Embassy in Washington and the Ministry of Foreign Affairs did not immediately respond to requests for comment.

Microsoft promptly addressed the incident, disrupting malicious activities and preventing further access to its systems. The company emphasized that the attack did not exploit any specific vulnerabilities in its products or services.

“This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” Microsoft stated. The company also clarified that there is no evidence indicating the threat actor accessed customer environments, production systems, source code, or AI systems.

Microsoft’s disclosure aligns with a new regulatory requirement from the U.S. Securities and Exchange Commission (SEC), implemented in December. The regulation requires publicly owned companies to promptly disclose cyber incidents: affected companies must file a report with the government within four business days of discovery, outlining the time, scope, and nature of the breach.

The hacker group, Midnight Blizzard, also known as APT29, Nobelium, or Cozy Bear, is linked to Russia’s SVR spy agency, according to U.S. officials. This group gained notoriety for intrusions into the Democratic National Committee during the 2016 U.S. election.

It is worth noting that Microsoft products are extensively used across the U.S. government, and the company faced criticism last year for security lapses when Chinese hackers stole emails belonging to senior U.S. State Department officials.
