Microsoft claims Russian hackers sought info about themselves

January 21, 2024

Microsoft discloses a cybersecurity breach by Russian hackers, implicating the notorious Midnight Blizzard group

Microsoft announced that it had fallen victim to a cybersecurity breach orchestrated by Russian hackers, attributing the intrusion to the notorious hacking group known as Midnight Blizzard.

The attackers gained unauthorized access to a “very small percentage” of corporate email accounts, specifically those belonging to members of the senior leadership team, employees in the cybersecurity and legal departments, and individuals involved in various other functions within the company.

The attackers used a “password spray” attack, a technique in which a malicious actor tries the same password across multiple accounts to gain unauthorized access.

Remarkably, Midnight Blizzard, the same group responsible for the extensive 2020 cyberattack on the U.S. information technology firm SolarWinds, executed this breach.

Microsoft disclosed that the initial incursion by Midnight Blizzard occurred in late November, yet the company only detected a threat to its systems last week. Despite the prolonged period of access, the tech giant asserted that the attack was not a result of any vulnerabilities within Microsoft’s products or services.

Moreover, there is no indication that the threat actor gained access to customer environments, production systems, source code or AI systems.

Interestingly, Microsoft’s response to this incident mirrors its reaction to the 2021 SolarWinds attack, where the company maintained that its software and tools were not implicated in any way. Despite such assertions, federal investigators later uncovered evidence suggesting that the hackers had accessed Microsoft Office 365.

This recent breach adds to a series of cybersecurity challenges Microsoft has faced in recent years. In 2021, a particularly aggressive Chinese cyber espionage unit exploited a flaw in Microsoft’s Exchange server email software, impacting 30,000 organizations, including companies, small businesses, and local governments.

Additionally, Microsoft reported an attack in July of that year originating from an adversary based in China, which gained access to email accounts at various U.S. government agencies.

In response to these ongoing threats, Microsoft launched the Secure Future Initiative in November, a comprehensive strategy aimed at fortifying its cybersecurity defenses.

The company acknowledged that the latest incident underscores the urgency to expedite these security measures. Plans are underway to immediately apply enhanced security standards to Microsoft-owned legacy systems and internal business processes, even if such changes may cause disruptions to existing business operations.

Source: Newsroom

Last Updated: May 29, 2024 12:22 PM