Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Microsoft Says Russian Gov Hackers Stole Email Data From Senior Execs

A Russian government-backed hacking team broke into Microsoft’s corporate network and stole emails and attachments from senior executives.

Microsoft Hit by Nation State Actor Midnight Blizzard

A Russian government-backed hacking team successfully hacked into Microsoft’s corporate network and stole emails and attachments from senior executives and targets in the cybersecurity and legal departments, the company disclosed late Friday.

The Redmond, Wash. software giant said the APT group, known as Midnight Blizzard/Nobelium, used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts.

“[They] exfiltrated some emails and attached documents,” Microsoft said in a filing with the Securities and Exchange Commission (SEC).

The company said its security team detected the nation-state attack on its corporate systems on January 12, 2024 and traced the infection back to November 2023.

The company said members of its senior leadership team were among the victims and noted that the hackers were initially targeting email accounts for information related to Redmond’s own knowledge of the APT operation. 

“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the world’s largest software maker said.

Russia hackers hit Microsoft

“We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes,” Microsoft said, noting the changes will “likely cause some level of disruption while we adapt to this new reality.”

“We are continuing our investigation and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators,” Microsoft added.

The discovery of Russian hackers in Microsoft’s network comes less than six months after Chinese cyberspies were caught forging authentication tokens using a stolen Azure AD enterprise signing key to break into M365 email inboxes. 

Advertisement. Scroll to continue reading.

The hack, which led to the theft of email data from approximately 25 government organizations in the United States, is currently being investigated by the CISA Cyber Security Review Board (CSRB).  

Midnight Blizzard/Nobelium (AKA APT29 and Cozy Bear by others) is the same group that was attributed to hacking IT management solutions provider SolarWinds in a massive supply chain attack in 2020.

Related: Microsoft Catches Russian Government Hackers Phishing with Teams Chat App

Related: Chinese Cyperspies Use Stolen Microsoft Key to Hack Gov Emails

Related: Microsoft Bows to Pressure to Free Up Cloud Security Logs

Related: Microsoft Blames Russian APT for Outlook Zero-Day Exploits

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.