Jan 19, 2024 - Technology

Russian hackers breach Microsoft leaders' email accounts

Photo: Jakub Porzycki/NurPhoto via Getty Images

The same Russian government hacking group behind one of the most prolific cyberattacks in recent history successfully breached Microsoft, the company said in a blog post Friday.

Why it matters: Microsoft says the hacking group was able to access "a very small percentage" of email accounts belonging to the company's senior leaders and members of its cybersecurity and legal teams.

  • Russia-backed hackers were also able to exfiltrate data from some emails, including attached documents.

Details: Microsoft is attributing the attack to the Russian state-sponsored hacking group Midnight Blizzard, which other cybersecurity firms refer to as APT29 or Cozy Bear and which Microsoft also calls Nobelium.

  • The hackers first gained entry to Microsoft's networks in November, but the Microsoft Security Response Center said in Friday's blog post that the company didn't detect signs of intrusion until last Friday.
  • The hackers are believed to have successfully logged into a "legacy non-production test tenant account" using a technique called password spraying — where hackers attempt to use the same password across multiple user accounts until they're successful.
  • Microsoft's initial investigation suggests that the hackers were, at first, looking through corporate emails for information about their own hacking group.
  • Microsoft is still contacting employees whose email was accessed and did not say exactly how many accounts were affected.
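A defender-side check for the spray pattern described above, added here as an illustration and not code from Microsoft or the original article: it scans sign-in records and flags a source that fails against many distinct accounts with only one or two attempts each (the shape that slips under per-account lockout), then reports whether that same source later signed in successfully. The log format, IP addresses, account names and thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): timestamp, source IP, account, result.
# 203.0.113.7 tries one password across six accounts; 198.51.100.9 hammers a single account.
SAMPLE_LOG = """\
2024-01-10T02:00:01Z 203.0.113.7 alice@test.example failure
2024-01-10T02:00:03Z 203.0.113.7 bob@test.example failure
2024-01-10T02:00:05Z 203.0.113.7 carol@test.example failure
2024-01-10T02:00:07Z 203.0.113.7 dave@test.example failure
2024-01-10T02:00:09Z 203.0.113.7 erin@test.example failure
2024-01-10T02:00:11Z 203.0.113.7 frank@test.example success
2024-01-10T02:01:00Z 198.51.100.9 alice@test.example failure
2024-01-10T02:01:30Z 198.51.100.9 alice@test.example failure
2024-01-10T02:02:00Z 198.51.100.9 alice@test.example success
"""


def parse(log):
    """Turn the constructed log text into (timestamp, ip, account, result) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {ip: detail} for sources whose failures within one window hit at least
    min_accounts distinct accounts with no more than max_per_account attempts each.
    Low per-account volume is what distinguishes a spray from a classic brute force.
    Any later success from the same source is listed as a possible compromised account."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        failures = [e for e in evs if e[3] == "failure"]
        for i, start in enumerate(failures):  # slide the window over each failure
            in_window = [e for e in failures[i:] if e[0] - start[0] <= window]
            per_account = defaultdict(int)
            for e in in_window:
                per_account[e[2]] += 1
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                later = sorted({e[2] for e in evs if e[3] == "success" and e[0] >= start[0]})
                alerts[ip] = {"accounts_targeted": len(per_account), "later_success": later}
                break
    return alerts
```

Running `detect_spray(parse(SAMPLE_LOG))` flags only 203.0.113.7; the single-account attempts from 198.51.100.9 are left to ordinary lockout or brute-force rules.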

What they're saying: "The attack was not the result of a vulnerability in Microsoft products or services," a Microsoft spokesperson said in an emailed statement.

  • "To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."

The intrigue: Midnight Blizzard is the same hacking group that successfully targeted IT vendor SolarWinds in 2020 — resulting in the breach of at least 100 companies and nine federal agencies.

The big picture: Microsoft has been the target of several nation-state cyberattacks in the last few years.

  • In July, Microsoft disclosed that China-based hackers gained access to an unspecified number of email accounts, including those tied to government agencies.
  • In 2021, China-backed hackers also exploited a flaw in Microsoft's Exchange server to target at least 30,000 U.S. organizations.

Go deeper: Latest suspected China hack puts Microsoft on D.C. hot seat