Microsoft executives' emails hacked by group linked to Russian intelligence
An elite hacking group sponsored by Russian intelligence gained access to the emails of some senior Microsoft executives in late November, the company disclosed in a blog post and regulatory filing on Friday.
Microsoft said it learned of the intrusion a week ago and is still investigating. The hackers appear to have been focused on scouring Microsoft's corporate email accounts to find information related to the hacking group that Microsoft researchers call Midnight Blizzard.
The hackers accessed emails from Microsoft's senior leadership team, as well as employees in cybersecurity, legal and other groups, and took some of the emails and attachments, the company said. The company, which has worked with cybersecurity firms and governments to investigate previous attacks by the hacking group, did not name the officials whose emails were targeted.
The Russian Foreign Intelligence Service has been running the hacking group since at least 2008, according to the US Cybersecurity and Infrastructure Security Agency. The group is known by various aliases, including Cozy Bear, the Dukes, and APT 29, and has been behind several high-profile hacks, according to previous US government investigations.
Its targets have included the Democratic National Committee in 2015 and SolarWinds, a computer and technology supplier, a breach that allowed Russia to gain access to systems at the State Department, the Department of Homeland Security, and parts of the Pentagon in 2020. Microsoft called that incident “the most sophisticated nation-state cyberattack in history.”
The method used in the new hack appears to be less flashy – a relatively basic tactic known as password spraying, in which hackers try out common passwords on a huge range of accounts. Using this tactic, Microsoft said, the group found an opening in an old account on a test system and then used that account's permissions to gain access to corporate email accounts.
“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” Microsoft said in a statement.
The regulatory filing said the company had notified and was working with law enforcement.
Microsoft, which supplies technology to many Western governments, has long been a target of nation-state hacking. Last year, Chinese hackers broke into Microsoft's systems and gained access to the email accounts of Commerce Secretary Gina M. Raimondo and other government officials.