Microsoft Says Russian Gov Hackers Stole Email Data from Senior Execs
In a recent revelation, Microsoft disclosed that a hacking team backed by the Russian government successfully infiltrated its corporate network, orchestrating a strategic attack to pilfer emails and attachments from high-profile targets, including senior executives and staff in the cybersecurity and legal departments. The Advanced Persistent Threat (APT) group, known as Midnight Blizzard/Nobelium, employed a password spray attack to compromise a legacy non-production test tenant account, establishing a foothold. Subsequently, they utilized that account's permissions to access a small percentage of Microsoft corporate email accounts, exfiltrating certain emails and attached documents.
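The initial access technique named above, password spraying, is built to stay under per-account lockout rules: a few passwords are tried against many accounts, so no single account fails often enough to trip a threshold. The detector below is an added example, not part of the article or of Microsoft's tooling; it runs over constructed sign-in records and flags a source that fails against many distinct accounts in a short window, then records any success from that same source (the legacy test account here is a constructed stand-in).

```python
"""Added example (not from the article): a minimal password-spray detector over
constructed sign-in log lines. A spray tries few passwords against many accounts,
so no account reaches lockout; the signal is many distinct accounts failing from
one source in a short window, followed by a success from that same source."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-ins: timestamp,source_ip,account,result
SAMPLE_LOG = """\
2023-11-20T08:00:01Z,198.51.100.7,alice@example.test,failure
2023-11-20T08:00:09Z,198.51.100.7,bob@example.test,failure
2023-11-20T08:00:17Z,198.51.100.7,carol@example.test,failure
2023-11-20T08:00:25Z,198.51.100.7,dave@example.test,failure
2023-11-20T08:00:33Z,198.51.100.7,erin@example.test,failure
2023-11-20T08:00:41Z,198.51.100.7,legacy-test@example.test,success
2023-11-20T08:01:00Z,203.0.113.4,alice@example.test,failure
2023-11-20T08:01:30Z,203.0.113.4,alice@example.test,success
"""

def parse(log_text):
    """Yield (timestamp, ip, account, result) tuples from the CSV-like log."""
    for line in log_text.strip().splitlines():
        ts, ip, account, result = line.split(",")
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result

def max_failures_per_account(log_text):
    """What a per-account lockout rule sees: the busiest account's failures."""
    counts = defaultdict(int)
    for _, _, account, result in parse(log_text):
        if result == "failure":
            counts[account] += 1
    return max(counts.values(), default=0)

def detect_spray(log_text, window=timedelta(minutes=5), min_accounts=5):
    """Return {ip: {"accounts": n, "success_after": [...]}} for sources that
    fail against at least min_accounts distinct accounts inside `window`."""
    recent = defaultdict(list)  # ip -> [(ts, account)] failures still in window
    flagged = {}
    for ts, ip, account, result in sorted(parse(log_text)):
        if result == "failure":
            recent[ip] = [(t, a) for t, a in recent[ip] if ts - t <= window]
            recent[ip].append((ts, account))
            distinct = len({a for _, a in recent[ip]})
            if distinct >= min_accounts:
                hit = flagged.setdefault(ip, {"accounts": 0, "success_after": []})
                hit["accounts"] = max(hit["accounts"], distinct)
        elif ip in flagged:  # success from a spraying source: investigate
            flagged[ip]["success_after"].append(account)
    return flagged
```

On the sample, the busiest account fails only twice, so a lockout rule never fires, while the per-source view flags 198.51.100.7 and the later success on the test account from that source.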
Microsoft's security team detected this nation-state attack on its corporate systems on January 12, 2024, tracing the infection back to November 2023. Notably, members of Microsoft's senior leadership team were among the victims. The hackers initially targeted email accounts for information related to Microsoft's knowledge of the APT operation. Importantly, Microsoft clarified that the attack did not exploit vulnerabilities in its products or services. There is no evidence indicating that the threat actor accessed customer environments, production systems, source code, or AI systems.
To address this breach, Microsoft announced immediate actions, applying current security standards to legacy systems and internal business processes. While these changes may cause some disruption, Microsoft emphasizes its commitment to adapting to this new reality. The company reassures customers that they will be notified if any action is required. The investigation is ongoing, and Microsoft pledges to take additional measures based on the outcomes. Collaboration with law enforcement and regulators will continue.
This incident follows closely on the heels of Chinese cyberspies using stolen authentication tokens to compromise M365 email inboxes, affecting around 25 U.S. government organizations. The Cyber Security Review Board (CSRB) is currently investigating that hack. Midnight Blizzard/Nobelium, also known as APT29 and Cozy Bear, gained notoriety for its involvement in the 2020 SolarWinds supply chain attack, in which the IT management software provider SolarWinds was compromised in a massive cybersecurity incident.