Russian Hackers Had Access to Executives’ Emails


In a filing with U.S. regulators, Microsoft disclosed a late November attack that had led to the exfiltration of email and documents from the email accounts of “senior leadership” and employees in its cybersecurity and legal departments. It detected the attack on Jan. 12 and cut off hackers’ access “on or about Jan. 13.”

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” the company said.

Microsoft fingered the Russian state hacking group it tracks as Midnight Blizzard – formerly Nobelium – also known as APT29 and CozyBear. The White House in 2021 connected the group to the Russian Foreign Intelligence Service after its hackers had inserted a backdoor into IT infrastructure software developed by SolarWinds.

A representative for Microsoft did not immediately return a request for comment clarifying what constitutes Microsoft “senior leadership.”

Microsoft stock is currently down 0.42% in after-hours trading; Microsoft disclosed the incident after the market closed Friday.

The company said in its regulatory disclosure that attackers had executed a password spraying attack in late November and gained access to “a legacy non-production test tenant account.” Password spraying is a technique in which hackers try the same password guess against a number of accounts. Spreading the guesses this way is meant to avoid account lockout, and it bets that at least one user has a previously leaked password or one that is easy to guess.
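A defender-side illustration of the pattern described above, added here and not taken from the article or from Microsoft's disclosure: a sliding-window check over failed sign-ins that flags a source touching many accounts while staying under a per-account lockout threshold. The event format, account names, documentation-range IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, source IP, account, outcome).
# One source tries six accounts once each, five minutes apart (spray pattern).
SPRAY = [(f"2024-01-15T10:{m:02d}:00", "203.0.113.7", user, "fail")
         for m, user in zip(range(0, 30, 5),
                            ["alice", "bob", "carol", "dave", "erin", "frank"])]
# One source hammers a single account (classic brute force, trips lockout).
BRUTE = [(f"2024-01-15T10:00:{s:02d}", "198.51.100.9", "admin", "fail")
         for s in range(8)]
# One user mistypes twice, then signs in.
TYPO = [("2024-01-15T10:01:00", "192.0.2.10", "bob", "fail"),
        ("2024-01-15T10:01:20", "192.0.2.10", "bob", "fail"),
        ("2024-01-15T10:01:40", "192.0.2.10", "bob", "success")]
EVENTS = SPRAY + BRUTE + TYPO


def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Return {source: [accounts]} for sources whose failed sign-ins inside a
    sliding window reach min_accounts distinct accounts while no single
    account sees more than max_per_account failures (below lockout)."""
    by_source = defaultdict(list)
    for ts, source, user, outcome in events:
        if outcome == "fail":
            by_source[source].append((datetime.fromisoformat(ts), user))

    flagged = defaultdict(set)
    for source, fails in by_source.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_account = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_account[user] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                flagged[source].update(per_account)
    return {source: sorted(users) for source, users in flagged.items()}


if __name__ == "__main__":
    print(detect_spray(EVENTS))
```

With a 10-minute window the same constructed spray goes unflagged, which is why detection windows for this pattern need to be long relative to the attacker's pacing.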

From that foothold, hackers were able to use the account’s permissions to access “a very small percentage of Microsoft corporate email accounts.”

“The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” Microsoft said.

It’s too early to determine whet ..
