Microsoft said the breach began in late November and was discovered on January 12. The company activated special security protocols, blocking further access to the internal network. Microsoft assures that all possible actions related to data security in the company have been taken. Microsoft says the same highly skilled Russian team is responsible for the massive 2021 SolarWinds breach.
Hackers from Russia attacked Microsoft accounts. “We are in the process of notifying employees”
The company, headquartered in Redmond, Washington, identified them as members of the “Midnight Blizzard” group (also referred to as Nobelium), which British and US authorities say is directly linked to Russian secret services. “This group mainly attacks government institutions, diplomatic units, non-governmental organizations and IT service providers, mainly in the USA and Europe. Its goal is to collect information through long-term espionage for foreign intelligence,” we read in the company’s earlier statement.
Microsoft said hackers linked to Russian intelligence managed to gain access by compromising the credentials of a “legacy” test account. Once they gained a foothold, they used the account’s privileges to gain access to other accounts – including members of the company’s senior management, as well as employees of its cybersecurity teams and lawyers. The post indicated that they also “filtered certain emails and attached documents.”
Hacker attack on Microsoft. “It was not the result of a gap in the company’s products or services”
The company claims that as a result of the hack, criminals gained access to a “very small percentage” of Microsoft corporate accounts, and some emails and attached documents were stolen. “We are in the process of notifying employees who were accessed,” Microsoft said, adding that the investigation showed that the hackers initially targeted email accounts to obtain information related to their own activities.
“The attack was not the result of a vulnerability in the company’s products or services,” the company said in a blog statement. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code or AI systems. We will notify customers if any action is required,” it said.
The company also said it will continue to investigate (and will take additional actions based on the results of that investigation) and that it will cooperate with law enforcement and appropriate regulatory authorities. “We are deeply committed to sharing more information and our findings so that the community can benefit from both our experience and insights into the threat actor. We will provide additional details as needed,” the release added.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
