Microsoft Targeted in Sophisticated Cyber Attack Linked to Russian Group
Microsoft Corporation has reported a significant cyber attack on its corporate systems by a group with links to Russia, resulting in unauthorized access to a limited number of email accounts. Among the compromised accounts are those belonging to senior leadership and employees in cybersecurity and legal departments. In response, the tech giant is expediting security upgrades on older systems, anticipating some operational disruptions.
In a statement released on Friday, Microsoft clarified that the attack, orchestrated by a group it identified as Midnight Blizzard, did not compromise customer systems or servers that host public-facing products. Furthermore, there is no evidence suggesting that the hackers accessed Microsoft’s source code or artificial intelligence systems.
The company emphasized its commitment to enhancing security measures. “We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes,” a spokesperson stated. “This will likely cause some level of disruption.”
Midnight Blizzard, also known as Nobelium, is recognized for its sophisticated cyber-espionage tactics and has been linked by the US government to Russia. This group was previously implicated in the SolarWinds Corp. breach, which targeted a US federal contractor in a significant cyber-espionage effort against US federal agencies.
Microsoft detailed that the hackers initiated a ‘password spray’ attack starting in November. This method involves rapidly trying multiple passwords to breach targeted corporate accounts. Besides accessing email accounts, the attackers also obtained emails and attached documents. Microsoft detected the intrusion on January 12 and is in the process of notifying affected employees.
Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, indicated that government officials are working closely with Microsoft to understand the incident’s full scope and help protect other potential victims.
Microsoft’s technology has been a frequent target in major hacking campaigns. The US Cyber Safety Review Board, reporting to the Department of Homeland Security, is currently investigating a 2023 intrusion against Microsoft Exchange Online, attributed to China-linked hackers. This breach compromised senior US officials’ email accounts and raised concerns about cloud computing security. In September, Microsoft acknowledged five errors in its systems, which have since been rectified.
Following the 2023 breach, Jen Easterly, director of the agency overseeing the review board, urged Microsoft to prioritize security in its products. “I absolutely positively think they have to focus on ensuring their products are both secure by default and secure by design, and we are going to continue to work with them to urge them to do that,” Easterly commented in an interview with Bloomberg.
In November, Microsoft announced an overhaul of its software and system protection protocols following a series of high-profile hacks. The company now recognizes the need for accelerated changes, particularly concerning older systems and products. “For Microsoft, this incident has highlighted the urgent need to move even faster,” the company concluded in its statement.