Microsoft suffered a major security breach when state-backed Russian hackers managed to infiltrate the company’s corporate email system. The cyberattack resulted in unauthorized access to the accounts of members of the company’s leadership team, as well as those of employees on its cybersecurity and legal teams, Microsoft reported on Friday.

The intrusion began in late November and continued undetected until January 12, when it was finally discovered by the company. Microsoft confirmed that the same highly skilled Russian hacking team responsible for the SolarWinds breach was behind this latest attack.

According to a blog post by Microsoft, only “a very small percentage” of corporate accounts were accessed, but the hackers were able to steal some emails and attached documents. The company has not provided specific details on which or how many members of its senior leadership had their email accounts breached.

Microsoft managed to remove the hackers’ access from the compromised accounts on or about January 13. The company is currently in the process of notifying employees whose email was accessed. It also stated that its investigation indicates the hackers were initially targeting email accounts for information related to their activities.

This disclosure by Microsoft comes in the aftermath of a new U.S. Securities and Exchange Commission rule that compels publicly traded companies to disclose breaches that could negatively impact their business. Microsoft filed a regulatory report with the SEC on Friday, stating that, as of that date, the incident had not had a material impact on its operations. However, the company has not determined whether the incident is reasonably likely to materially affect its finances.

The hackers from Russia’s SVR foreign intelligence agency were able to gain access to Microsoft’s system by compromising credentials on a “legacy” test account, indicating that it may have had outdated security measures. After gaining a foothold, they used the account’s permissions to access the accounts of the senior leadership team and others, using a technique known as “password spraying.”

This technique involves using a single common password to try to log into multiple accounts. Microsoft has clarified that the attack was not the result of a vulnerability in its products or services, and to date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

The hacking unit responsible for the breach has been identified by Microsoft as Midnight Blizzard. Previously, the group was designated as Nobelium, and by the cybersecurity firm Mandiant, owned by Google, as APT29. This group has been known to engage in sophisticated cyberattack campaigns, with the SolarWinds hacking campaign being labeled as “the most sophisticated nation-state attack in history” by Microsoft in a 2021 blog post.

The main focus of the SVR is intelligence-gathering, primarily targeting governments, diplomats, think tanks, and IT service providers in the U.S. and Europe. The SolarWinds breach affected not only U.S. government agencies, including the departments of Justice and Treasury, but also more than 100 private companies and think tanks, including software and telecommunications providers.

Overall, the breach has raised serious concerns about the cybersecurity vulnerabilities of major corporations and government institutions. The incident highlights the need for continuous efforts to strengthen cybersecurity measures to combat the growing threat of state-sponsored hacking and espionage.

Source link