A hacking group linked to a Russian intelligence company accessed the emails of a number of senior Microsoft executives and different workers, the corporate disclosed Friday.
Microsoft stated it detected the assault on January 12, and has decided {that a} hacking group often known as Midnight Blizzard or Nobelium is accountable. That’s the identical group behind the 2020 SolarWinds cyberattack. Microsoft and US cybersecurity officers Nobelium is a part of Russia’s International Intelligence Service (SVR).
“Starting in late November 2023, the menace actor used a password spray assault to compromise a legacy non-production check tenant account and acquire a foothold, after which used the account’s permissions to entry a really small share of Microsoft company electronic mail accounts, together with members of our senior management crew and workers in our cybersecurity, authorized, and different capabilities, and exfiltrated some emails and hooked up paperwork,” the corporate wrote in a weblog submit.
The corporate didn’t establish which members of its “senior management” have been focused, however stated its preliminary investigation suggests the group was in search of info associated to itself. Firm officers thus far don’t have any proof that “buyer environments, manufacturing methods, supply code, or AI methods,” have been accessed.
Although the corporate says the assault “was not the results of a vulnerability in Microsoft services or products,” it’s taking steps to “instantly” enhance the safety of “Microsoft-owned legacy methods and inner enterprise processes.” The modifications “will doubtless trigger some stage of disruption,” it added.
This text initially appeared on Engadget at https://www.engadget.com/russian-state-sponsored-hackers-accessed-the-emails-of-microsofts-senior-leadership-232945155.html?src=rss
Trending Merchandise
