Updated January 20th, 2024 at 08:13 IST

Microsoft claims state-sponsored Russian hack on corporate systems

According to Microsoft, the breach was identified during a routine investigation by its threat research team.

Cyber attack on Microsoft: Microsoft revealed on Friday that a Russian state-sponsored group successfully infiltrated its corporate systems on January 12, gaining unauthorised access to a limited number of corporate email accounts. The compromised accounts included those of senior leadership members and employees in cybersecurity, legal, and other departments. The breach was attributed to the Russian hacking group known as "Midnight Blizzard."

According to Microsoft, the breach was identified during a routine investigation by its threat research team. The hackers employed a ‘password spray attack’ starting in November 2023, exploiting compromised passwords across multiple related accounts within the Microsoft platform.

The motive behind the attack appeared to be an attempt to ascertain information about Microsoft's knowledge of the hackers' operations. Microsoft clarified that the breach did not result from a specific vulnerability in its products or services. The company managed to disrupt the malicious activity, blocking the group's access to its systems.

The Russian Embassy in Washington and the Ministry of Foreign Affairs have not provided immediate comments on the incident. Microsoft underlined that, to date, there is no evidence indicating that the threat actors accessed customer environments, production systems, source code, or AI systems.

This disclosure by Microsoft aligns with a recent regulatory requirement imposed by the US Securities and Exchange Commission (SEC) in December. The mandate compels publicly owned companies to promptly disclose cyber incidents, requiring affected companies to file a report within four business days of discovery. The report to the government must detail the time, scope, and nature of the breach.

The hacking group Midnight Blizzard, also known as APT29, Nobelium, or Cozy Bear, has been linked to Russia's SVR spy agency and gained notoriety for intrusions into the Democratic National Committee during the 2016 US election. Despite the breach, Microsoft clarified that there is no evidence of the threat actors having access to crucial elements like customer environments, production systems, source code, or AI systems. Last year, Microsoft faced criticism for security practices when Chinese hackers stole emails belonging to senior US State Department officials.

(With Reuters inputs)

Published January 20th, 2024 at 08:13 IST

