Microsoft said it is in the process of notifying employees whose emails were accessed by the Russian hacking group. (Photo by Gary Hershawn/Getty Images)
A group of Russian hackers gained access to some of the email accounts of senior Microsoft executives, the software giant said in a regulatory filing Friday afternoon.
“Microsoft security teams detected a nation-state attack on our corporate systems on January 12, 2024, and immediately initiated a response process to investigate, stop malicious activity, mitigate the attack, and address the threat. We have denied further access to the actor,” the Microsoft Security Response Center said in a blog post. “Microsoft has identified this attacker as Midnight Blizzard, a Russian state-run actor also known as Nobelium.”
Nobelium, notably, is the same group that carried out the infamous SolarWinds breach back in 2020.
The blog post said hackers were able to access “a small number of Microsoft corporate email accounts,” including those of members of the company's senior leadership team and employees in its cybersecurity and legal departments. He added that it was
The company announced that the hackers were able to extract some emails and attachments, but preliminary investigations indicate the attackers appeared to be seeking information related to Midnight Blizzard itself. This mirrors what the same group did in 2020, when it used modified software from SolarWinds to infiltrate U.S. government agencies and then tried to track how the U.S. government responded to that intrusion.
Microsoft said it is in the process of notifying employees whose emails were accessed. Microsoft said there is currently no evidence that hackers gained access to customer environments or AI systems.
The attack began in late November 2023, the company said, and the hackers used a so-called “password spray attack” to gain an initial foothold. Password spraying refers to attempts to access a large number of accounts using commonly known passwords.
The company said the investigation is ongoing and that it will continue to cooperate with law enforcement and appropriate regulatory authorities, and it promised to release more information to the public as it becomes available.
The attack highlights the “continued risk posed to all organizations by resource-rich nation-state threat actors like Midnight Blizzard,” the company said.
Microsoft's systems have been the target of several recent high-profile hacking operations.
The Cybersecurity and Infrastructure Security Agency did not immediately respond to CNN's request for comment on Friday's hack. Microsoft declined a request for additional comment.
“The FBI is aware of this incident and is working diligently with our federal partners to provide assistance,” the FBI said in an emailed statement to CNN. “As always, we encourage victims of cyber incidents to contact their local FBI field office.”
This story has been updated with additional developments.