On Friday, Microsoft revealed that it had fallen victim to a state-backed Russian hacking attack, with the company’s corporate email system being compromised. The breach occurred in late November but was only discovered on January 12. According to Microsoft, the same skilled Russian hacking team responsible for the SolarWinds breach was behind this attack as well. The hackers accessed the accounts of key members of the company’s leadership team, along with those of employees on its cybersecurity and legal teams. While Microsoft stated that only a small percentage of corporate accounts were accessed, they did confirm the theft of some emails and attached documents.
The immediate impact of the breach remains unclear, as Microsoft has not disclosed the exact number or identity of the individuals whose email accounts were breached. A company spokesperson declined to comment on this matter. In its regulatory filing, Microsoft stated that it had removed the hackers’ access to the compromised accounts by January 13. However, the incident has prompted an investigation into the potential theft of sensitive information, including what the intruders may have learned about Microsoft’s knowledge of the hacking group itself. Microsoft emphasized that the breach had not materially impacted its operations so far. Nevertheless, the long-term financial implications are yet to be determined.
According to Microsoft, the hackers gained access to the corporate email system by compromising credentials on a “legacy” test account, indicating that the system relied on outdated code. Once inside, the hackers used that account’s permissions to reach the mailboxes of the senior leadership team and others. The initial compromise used a brute-force technique called “password spraying,” in which the threat actor tries a single common password against many accounts rather than many passwords against one account. It is important to note that Microsoft adamantly stated that the breach was not the result of any vulnerability in its products or services.
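As an added illustration, not part of the original article, the following Python script shows the defender’s side of the technique described above: it flags a source that fails logins against many distinct accounts with only a couple of attempts each (the spray signature, as opposed to many attempts against one account) and lists any account that later signed in successfully from the same source. The log format, IP addresses and account names are constructed for the example.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in records (not from the incident): "<time> <source_ip> <user> <result>"
SAMPLE_LOG = """\
2024-01-12T09:00:01 203.0.113.7 alice FAIL
2024-01-12T09:00:04 203.0.113.7 bob FAIL
2024-01-12T09:00:07 203.0.113.7 carol FAIL
2024-01-12T09:00:10 203.0.113.7 dave FAIL
2024-01-12T09:00:13 203.0.113.7 legacy-test FAIL
2024-01-12T09:00:16 203.0.113.7 erin FAIL
2024-01-12T09:05:00 203.0.113.7 legacy-test SUCCESS
2024-01-12T09:01:00 198.51.100.9 alice FAIL
2024-01-12T09:01:20 198.51.100.9 alice FAIL
2024-01-12T09:01:40 198.51.100.9 alice FAIL
2024-01-12T09:02:00 198.51.100.9 alice SUCCESS
"""

def parse_log(text):
    """Return (timestamp, ip, user, result) tuples sorted by time."""
    rows = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        rows.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(rows)

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag a source IP when, inside one sliding window, its failed logins hit at
    least min_users distinct accounts with at most max_per_user attempts each.
    Returns {ip: {"accounts": n, "later_success": [users]}}."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, rows in by_ip.items():
        recent = deque()  # failed attempts from this ip inside the current window
        for ts, user, result in rows:
            if result != "FAIL":
                continue
            recent.append((ts, user))
            while ts - recent[0][0] > window:
                recent.popleft()
            per_user = Counter(u for _, u in recent)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # A success from the same source after the spray is the account to triage first.
                later = [u for t, u, r in rows if r == "SUCCESS" and t > ts]
                findings[ip] = {"accounts": len(per_user), "later_success": sorted(set(later))}
    return findings
```

The second source in the sample (three failures and a success against one account) is deliberately not flagged, since that pattern is a single-account brute force, not a spray; tune the thresholds to the tenant’s normal failure rate before relying on it.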
The Russian hacking team responsible for this attack is known by multiple names, such as Midnight Blizzard and Cozy Bear. Prior to the attack, this group had attempted to steal credentials from various global organizations through Microsoft Teams chats. It is worth noting that the group’s activity extends well beyond Microsoft itself. The SolarWinds hacking campaign, carried out by the same Russian hacking team, has been described as “the most sophisticated nation-state attack in history.” That campaign compromised numerous government agencies, private companies, and think tanks, highlighting the significant scale of these state-backed cyberattacks.
Microsoft’s disclosure of the breach aligns with a new rule introduced by the U.S. Securities and Exchange Commission (SEC). This rule requires publicly traded companies to promptly disclose breaches that could impact their business negatively. The disclosure must occur within four days unless a national-security waiver is obtained. In this case, Microsoft’s regulatory filing confirmed compliance with the rule, stating that the incident had not materially impacted its operations. However, the company has yet to determine whether the breach will have a significant financial impact.
The SVR, Russia’s foreign intelligence agency, has been identified as the perpetrator of this attack. The agency primarily focuses on intelligence-gathering and targets governments, diplomats, think tanks, and IT service providers in the U.S. and Europe. The scope of their activities raises concerns about national security and underscores the need for robust cybersecurity measures across public and private sectors.
The Russian hacking attack on Microsoft’s corporate email system highlights the evolving landscape of cyber threats faced by organizations worldwide. The breach exploited an outdated test account as the entry point, emphasizing the significance of maintaining up-to-date security measures. Microsoft’s response, though prompt, leaves many unanswered questions regarding the extent of the damage. As investigations continue, the incident serves as a reminder of the ongoing need for vigilance, technological advancements, and international cooperation to counter cyber threats effectively.