Microsoft revealed on Friday that it fell victim to a nation-state attack on its corporate systems, resulting in the theft of emails and attachments from senior executives and individuals in the company's cybersecurity and legal departments.
The attack has been attributed to a Russian advanced persistent threat (APT) group known as Midnight Blizzard (formerly Nobelium), also recognized as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
Microsoft detected the malicious activity on January 12, 2024, and promptly took steps to investigate, disrupt, and mitigate the situation. The campaign is believed to have started in late November 2023.
According to Microsoft, the threat actor used a password spray attack to compromise a legacy non-production test tenant account, gaining a foothold. Subsequently, they utilized the account's permissions to access a small percentage of Microsoft corporate email accounts, including members of the senior leadership team and employees in cybersecurity, legal, and other functions. Some emails and attached documents were exfiltrated in the process.
Microsoft said the nature of the targeting indicates that the threat actors were seeking information related to themselves. The company emphasized that the attack did not result from security vulnerabilities in its products, and there is no evidence that the adversary accessed customer environments, production systems, source code, or AI systems.
Although Microsoft did not disclose the number of infiltrated email accounts or what information was accessed, it said it was in the process of notifying affected employees.
The hacking group, previously responsible for the SolarWinds supply chain compromise, has targeted Microsoft twice before: once in December 2020, to access source code related to Azure, Intune, and Exchange components, and a second time in June 2021, when it breached three customers through password spraying and brute-force attacks.
The Microsoft Security Response Center (MSRC) emphasized that this attack underscores the ongoing risk faced by all organizations from well-resourced nation-state threat actors like Midnight Blizzard.
