(Adds detail from Microsoft and background on the hackers)
By Zeba Siddiqui and Christopher Bing
Jan 19 (Reuters) –
Microsoft said on Friday that a Russian state-sponsored group hacked into its corporate systems on Jan. 12 and stole some emails and documents from staff accounts.
The Russian group was able to access “a very small percentage” of Microsoft corporate email accounts, including members of its senior leadership team and employees in its cybersecurity, legal, and other functions, the company said.
Microsoft’s threat research team routinely investigates nation-state hackers such as Russia’s Midnight Blizzard, who they say is linked to the breach.
The company said its probe into the breach indicated the Midnight Blizzard hackers were initially targeting email accounts that had information about themselves.
The software and tech company said the group also known in the cybersecurity industry as Nobelium used a “password spray attack” starting in Nov. 2023 to breach a Microsoft platform. Hackers use this technique to infiltrate a company’s systems by using the same password across multiple accounts.
The Russian Embassy in Washington and Ministry of Foreign Affairs did not immediately respond to a request for comment.
Microsoft said it investigated the incident and disrupted the malicious activity, blocking the threat actor’s access to its systems.
“This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” the company said.
Microsoft said the attack was not the result of a vulnerability in it products or services.
“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” the company said.
Microsoft’s disclosure follows a new regulatory requirement implemented by the U.S. Securities and Exchange Commission (SEC) in December that mandates publicly-owned companies to promptly disclose cyber incidents. Affected companies must file a report about the hack’s impact within four business days of discovering the incident, disclosing the time, scope and nature of the breach.
Midnight Blizzard is also known as APT29 or Cozy Bear by cybersecurity researchers and linked to Russia’s SVR spy agency, according to U.S. officials. The hacking group is best known for its intrusions of the Democratic National Committee in 2016. (Reporting by Zeba Siddiqui and Harshita Mary Varghese; Editing by Chris Sanders, Maju Samuel and Anna Driver)
News Related-
The best Walmart Cyber Monday deals 2023
-
Jordan Poole took time to showboat and got his shot blocked into the stratosphere
-
The Top Canadian REITs to Buy in November 2023
-
OpenAI’s board might have been dysfunctional–but they made the right choice. Their defeat shows that in the battle between AI profits and ethics, it’s no contest
-
Russia-Ukraine Drone Warfare Rages With Dozens Headed for Moscow, Amid Deadly Winter Storm
-
Trump tells appeals court that threats to judge and clerk in NY civil fraud trial do not justify gag order
-
Can Anyone Take Paxlovid for Covid? Doctors Explain.
-
Google this week will begin deleting inactive accounts. Here's how to save yours.
-
How John Tortorella's Culture Extends from the Philadelphia Flyers to the AHL Phantoms
-
Tri-Cities' hatcheries report best Coho return in years
-
Wild release Dean Evason of head coaching duties
-
Air New Zealand’s Cyber Monday Sale Has the 'Lowest Fares of 2023' to Auckland, Sydney, and More
-
NDP tells Liberals to sweeten the deal if pharmacare legislation is delayed
-
'1,000 contacts with a club': Tiger Woods breaks down his typical tournament prep to college kids in fascinating video