22 January 2024

Microsoft reveals Russian hackers accessed emails of its executives


Russian nation-state hackers compromised Microsoft’s corporate systems and gained access to the email accounts of the company’s employees, including senior staff, and “exfiltrated some emails and attached documents.”

The intrusion, which Microsoft has attributed to a Russian government-backed group it tracks as Midnight Blizzard (aka APT29, Cozy Bear and Nobelium), took place in November 2023 and was discovered on January 12, 2024. Nobelium, notably, is the same threat actor believed to be responsible for the infamous SolarWinds breach back in 2020.

As per Microsoft, the attackers compromised a legacy non-production test tenant account using a password spray attack. After gaining a foothold, the threat actor used the account’s permissions to access “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.”

The tech giant said that Midnight Blizzard’s initial goal was to obtain information related to the group itself.

“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the company noted.

