CNN
—
A Russian hacking group gained entry to some electronic mail accounts of Microsoft senior leaders, the software program large disclosed in a regulatory submitting Friday afternoon.
“The Microsoft safety staff detected a nation-state assault on our company programs on January 12, 2024, and instantly activated our response course of to research, disrupt malicious exercise, mitigate the assault, and deny the risk actor additional entry,” the Microsoft Safety Response Heart mentioned in a blog post. “Microsoft has recognized the risk actor as Midnight Blizzard, the Russian state-sponsored actor also referred to as Nobelium.”
Nobelium, notably, is identical group accountable for the infamous SolarWinds breach again in 2020.
Hackers had been capable of acquire entry to “a really small share of Microsoft company electronic mail accounts,” the weblog publish added, together with accounts belonging to members of its senior management staff and staff in its cybersecurity and authorized departments.
The corporate mentioned that hackers had been capable of exfiltrate some emails and connected paperwork, although the preliminary investigation signifies that the attackers gave the impression to be in search of info associated to Midnight Blizzard itself. That mirrors what the identical group did when it used tampered software program made by SolarWinds to infiltrate US businesses in 2020 — after which sought to track how the US government was responding to its intrusions.
Microsoft mentioned it’s within the means of notifying staff whose electronic mail was accessed. There may be at present no proof that the hackers had any entry to buyer environments or AI programs, Microsoft mentioned.
The assault started in late November 2023, the corporate mentioned, and hackers gained an preliminary foothold utilizing a so-called “password spray assault.” Password spraying refers back to the try to entry a lot of accounts utilizing generally identified passwords.
The corporate mentioned the investigation is ongoing and it’ll proceed working with legislation enforcement and acceptable regulators, pledging to share extra info publicly because it turns into out there.
The assault highlights “the continued threat posed to all organizations from well-resourced nation-state risk actors like Midnight Blizzard,” the corporate mentioned.
Microsoft programs have been the goal of multiple recent high-profile hacking efforts.
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Safety Company didn’t instantly reply to CNN’s request for touch upon the hack Friday. Microsoft declined a request for added remark.
This story has been up to date with further developments.