Microsoft announced on Friday that a Russian hacking group illegally gained access to some of the email accounts of its senior executives.
In a regulatory filing, software giant MSFT,
A group called Nobelium said it was responsible for the attack.
In late November, the group gained access to an “old, non-production test tenant account” and gained a foothold, then “used account permissions to access a very small percentage of Microsoft email accounts, including members of our senior leadership team, employees in cybersecurity functions, legal functions, and others, and leaked some of the emails and attached documents,” the Security Response Center wrote in a blog post.
Microsoft's senior leadership team, which includes CFO Amy Hood and President Brad Smith, meets routinely with CEO Satya Nadella.
The company said there were no signs of Nobelium obtaining customer data, production systems or proprietary source code.
A Microsoft spokesperson provided this comment late Friday: “Our security team recently detected an attack on our company's systems attributed to Russian state-sponsored actor Midnight Blizzard. We immediately activated our response process to investigate and disrupt the malicious activity, mitigate the attack, and prevent the threat actor from gaining further access. The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor has any access to customer environments, production systems, source code, or AI systems. More information is available on our blog.”
Nobelium, also known as APT29 or Cozy Bear, is a shadowy hacking group that attempted to infiltrate US Department of Defense systems and breached the Democratic National Committee's systems in 2016.
Netskope Threat Labs, which tracks Nobelium, said the hacking group used a variety of techniques to compromise accounts, including using compromised Azure AD accounts to collect victims' emails. “This hack underscores the importance of securing corporate email accounts, even those in non-production and test environments,” a Netskope spokesperson said. “Even if an email account is not used regularly or does not contain anything sensitive, it can still be used to launch additional attacks.”
Microsoft's disclosure comes amid new US requirements for reporting cybersecurity incidents.