Microsoft claims Russian state-sponsored hackers spied on senior employees: ‘Password spray attack’

Satya Nadella, chairman and chief executive officer of Microsoft.

Microsoft has claimed that a Russian state-sponsored group hacked into its corporate systems on January 12 and accessed the accounts of members of the company’s leadership team, as well as those of employees on its cybersecurity and legal teams.

Microsoft, in a blog post, said the hacking started in late November and was discovered on January 12. It said the same highly skilled Russian hacking team behind the SolarWinds breach was responsible.

“A very small percentage” of Microsoft corporate accounts were accessed, the American multinational technology corporation, best-known software products, said, and some emails and attached documents were stolen.

The company added that the Russian group was able to access Microsoft corporate email accounts, including members of its senior leadership team and employees in its cybersecurity, legal, and other functions.

Microsoft’s threat research team, which routinely investigates nation-state hackers, blamed Russia’s ‘Midnight Blizzard’ for the hacking.

Microsoft also said its investigation into the breach indicated the hackers were initially targeting the software giant to learn what the company knew about their operations.

The company added that the hackers used a “password spray attack” starting in November 2023 to breach a Microsoft platform. Hackers use the technique to infiltrate a company’s systems by using the same compromised password against multiple related accounts, Microsoft said.

News agency Reuters reported that the Russian embassy in Washington and the ministry of foreign affairs did not immediately respond to a request for comment.

“This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” Reuters quoted Microsoft as saying. The company added that the attack was not the result of a specific vulnerability in its products or services.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” a company blog states.

What is Midnight Blizzard?

Midnight Blizzard, also known as APT29, Nobelium or Cozy Bear by cybersecurity researchers, is linked to Russia’s SVR spy agency, US officials said. The group is best known for its intrusions into the Democratic National Committee surrounding the 2016 US elections.

Microsoft products are widely used across the US government. The company faced criticism last year for its security practices after Chinese hackers stole emails belonging to senior US State Department officials.

Before revamping its threat-actor nomenclature last year, Microsoft called the group Nobelium. The cybersecurity firm Mandiant, owned by Google, calls the group Cozy Bear.

In a 2021 blog post, Microsoft had called the SolarWinds hacking campaign “the most sophisticated nation-state attack in history”. In addition to US government agencies, including the departments of justice and treasury, over 100 private companies and think tanks were compromised, including software and telecommunications providers, news agency AP reported.

(With inputs from Reuters, AP)

Read more news like this on HindustanTimes.com