A hacking group linked to a Russian intelligence company accessed the emails of a number of senior Microsoft executives and different staff, the corporate disclosed Friday.
Microsoft stated it detected the assault on January 12, and has decided {that a} hacking group often known as Midnight Blizzard or Nobelium is accountable. That’s the identical group behind the 2020 SolarWinds cyberattack. Microsoft and US cybersecurity officers Nobelium is a part of Russia’s International Intelligence Service (SVR).
“Starting in late November 2023, the risk actor used a password spray assault to compromise a legacy non-production take a look at tenant account and acquire a foothold, after which used the account’s permissions to entry a really small proportion of Microsoft company e-mail accounts, together with members of our senior management crew and staff in our cybersecurity, authorized, and different capabilities, and exfiltrated some emails and hooked up paperwork,” the corporate wrote in a weblog publish.
The corporate didn’t determine which members of its “senior management” had been focused, however stated its preliminary investigation suggests the group was in search of info associated to itself. Firm officers thus far don’t have any proof that “buyer environments, manufacturing techniques, supply code, or AI techniques,” had been accessed.
Although the corporate says the assault “was not the results of a vulnerability in Microsoft services or products,” it’s taking steps to “instantly” enhance the safety of “Microsoft-owned legacy techniques and inner enterprise processes.” The adjustments “will probably trigger some degree of disruption,” it added.
This text initially appeared on Engadget at https://www.engadget.com/russian-state-sponsored-hackers-accessed-the-emails-of-microsofts-senior-leadership-232945155.html?src=rss
Trending Merchandise
