A hacking group linked to a Russian intelligence agency accessed the emails of several senior Microsoft executives and other employees, the company disclosed Friday.
Microsoft said it detected the attack on January 12, and has determined that a hacking group known as Midnight Blizzard or Nobelium is responsible. That’s the same group behind the 2020 SolarWinds cyberattack. Microsoft and US cybersecurity officials have said Nobelium is part of Russia’s Foreign Intelligence Service (SVR).
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the company wrote in a blog post.
The company didn’t identify which members of its “senior leadership” were targeted, but said its initial investigation suggests the hacking group was looking for information related to the group itself. Company officials so far have no evidence that “customer environments, production systems, source code, or AI systems” were accessed.
Though the company says the attack “was not the result of a vulnerability in Microsoft products or services,” it is taking steps to “immediately” improve the security of “Microsoft-owned legacy systems and internal business processes.” The changes “will likely cause some level of disruption,” it added.