Microsoft Hacked: Hackers stole Microsoft corporate emails in a month-long data breach
Microsoft announced on Friday that a Russian state-sponsored hacking group successfully breached the email accounts of several senior leaders within the company. The disclosure was made through a regulatory filing by the software giant.
In a statement on January 19, 2024, Microsoft publicly admitted that a state-sponsored hacking group, often referred to as Nobelium or APT29, successfully breached a limited number of its corporate email accounts. The intrusion is believed to have been initiated in late November 2023 and persisted until Microsoft detected it in mid-January 2024.
“The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access,” the Microsoft Security Response Center said in a blog post. “Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.”
The hackers used a password-spraying technique to compromise a legacy, non-production test tenant account, providing them initial access to the system. Subsequently, they infiltrated additional accounts, including those of senior executives, legal staff, and cybersecurity personnel.
Microsoft says that the attackers did not breach customer data, production systems, or proprietary source code. However, some emails and attached documents were stolen. The company is actively investigating the full scope of the breach and the compromised information.
This is not the first time Nobelium has targeted Microsoft: the group was previously responsible for the SolarWinds supply chain attack in 2020, which impacted the networks of various high-profile organizations, including the US government.
The incident underscores the importance of cybersecurity. Organizations are urged to implement protective measures such as strong passwords, multi-factor authentication, and regular software updates to safeguard against cyber threats.
Additional details about the breach include the use of a password spraying technique to guess common passwords on numerous accounts. The attackers gained entry to a small number of corporate email accounts, particularly those of senior executives. Microsoft reiterates that customer data, production systems, and proprietary source code remained secure. Ongoing investigations aim to uncover the complete extent of the breach and the compromised information.
Below is the summary of the breach:
- The hackers used a password spraying technique, which involves trying to guess common passwords on a large number of accounts.
- The attackers gained access to a small number of corporate email accounts, including those belonging to some senior executives.
- Microsoft says that the attackers did not gain access to customer data, production systems, or proprietary source code.
- The company is still investigating the full extent of the breach and what information was compromised.
- This is not the first time that Microsoft has been targeted by Nobelium.
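
The password spraying pattern summarized above (a few common passwords tried across a large number of accounts) leaves a recognizable trace in sign-in logs: one source failing against many distinct accounts with only a few attempts each. The detection logic below is an added example, not code from Microsoft or from the original article; the event format, thresholds, account names (including `legacy-test`) and IP addresses are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def _t(hhmm):
    # Constructed date; only the relative timing matters.
    return datetime.fromisoformat(f"2024-01-01T{hhmm}:00")

# Constructed sign-in events: (timestamp, source IP, account, succeeded).
SAMPLE_EVENTS = (
    # One source, one guess each against many accounts, then a hit.
    [(_t(f"10:0{i}"), "203.0.113.7", user, False)
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [(_t("10:06"), "203.0.113.7", "legacy-test", True)]
    # Many guesses against one account: brute force, not a spray.
    + [(_t(f"11:0{i}"), "198.51.100.20", "alice", False) for i in range(8)]
    # Ordinary typo followed by a good login.
    + [(_t("12:00"), "192.0.2.10", "bob", False), (_t("12:01"), "192.0.2.10", "bob", True)]
)

def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_per_account=3):
    """Flag sources whose failures in one window span many accounts, few tries each."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, src, account, ok in sorted(events):
        (successes if ok else failures)[src].append((ts, account))
    findings = {}
    for src, fails in failures.items():
        start, best, first_seen = 0, 0, None
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            tries = Counter(acct for _, acct in fails[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                best = max(best, len(tries))
                first_seen = first_seen or fails[start][0]
        if best:
            # Successful logins from a spraying source are the accounts to triage first.
            hits = sorted({a for ts, a in successes[src] if ts >= first_seen})
            findings[src] = {"accounts_tried": best, "successes": hits}
    return findings

if __name__ == "__main__":
    for src, info in detect_password_spray(SAMPLE_EVENTS).items():
        print(src, info)
```

Grouping by source IP is a simplifying assumption; the same windowed count can be keyed on user agent, ASN or the attempted password hash when a spray is spread across many addresses.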