Russian Hackers Breach Microsoft Leadership Emails
Microsoft has disclosed that a Russian hacking group, identified under the aliases Midnight Blizzard, APT29, Cozy Bear, and Nobelium, infiltrated the email accounts of several of the company’s senior leaders. The attack was first detected on January 12, 2024. It marks another significant breach by the hacking group, which is known for its sophisticated cyber tactics and state-sponsored origins.
Midnight Blizzard, which garnered notoriety for its involvement in the SolarWinds breach, managed to access a “very small percentage” of employee email accounts, according to Microsoft’s statement. The breach included accounts belonging to members of Microsoft’s senior leadership team and employees in key departments like cybersecurity and legal.
The hackers employed a “password spray attack” — a method that involves trying common passwords across numerous accounts — to initially breach a legacy account. From there, they gained access to other high-profile email accounts. While the exact number of compromised accounts remains undisclosed, Microsoft emphasized that the intrusion was not the result of any vulnerabilities in their products or services.
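A spray is recognisable on the defender's side because one source fails against many different usernames a few times each, rather than hammering one account. The following detection sketch is an added example, not code from the article or from Microsoft; the log format, the documentation-range IP addresses and the usernames are all constructed sample data.

```python
"""Flag a password-spray pattern in authentication logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, username, result.
# The first source tries six accounts once each and then logs into a
# legacy account; the second source brute-forces one account (no spray).
SAMPLE_LOG = """\
2024-01-12T03:00:01 203.0.113.7 alice FAIL
2024-01-12T03:00:02 203.0.113.7 bob FAIL
2024-01-12T03:00:03 203.0.113.7 carol FAIL
2024-01-12T03:00:04 203.0.113.7 dave FAIL
2024-01-12T03:00:05 203.0.113.7 erin FAIL
2024-01-12T03:00:06 203.0.113.7 legacy-test FAIL
2024-01-12T03:00:07 203.0.113.7 legacy-test SUCCESS
2024-01-12T03:05:00 198.51.100.9 alice FAIL
2024-01-12T03:05:10 198.51.100.9 alice FAIL
2024-01-12T03:05:20 198.51.100.9 alice FAIL
2024-01-12T03:05:30 198.51.100.9 alice FAIL
2024-01-12T03:05:40 198.51.100.9 alice FAIL
2024-01-12T03:05:50 198.51.100.9 alice FAIL
"""


def parse_log(text):
    """Parse one event per line into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {ip: {"accounts_tried": n, "succeeded": [...]}} for every source
    whose failures cover at least `min_accounts` distinct usernames inside
    `window`. Many failures against a single account do not trigger, so a
    plain brute force of one user is reported separately by other rules."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, (start, _, _, _) in enumerate(fails):
            # Distinct usernames failed within `window` of this failure.
            users = {e[2] for e in fails[i:] if e[0] - start <= window}
            if len(users) >= min_accounts:
                # Sprayed accounts that this source later logged into are
                # the ones to treat as potentially compromised.
                hit = sorted({e[2] for e in evs
                              if e[3] == "SUCCESS" and e[2] in users})
                alerts[ip] = {"accounts_tried": len(users), "succeeded": hit}
                break
    return alerts
```

Running `detect_spray(parse_log(SAMPLE_LOG))` flags only 203.0.113.7 and names legacy-test as the account that accepted a sprayed password; tune `window` and `min_accounts` to the tenant's normal failure rate before alerting on it.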
Microsoft has indicated that the group initially focused on targeting email accounts to gather information related to themselves, in what was seemingly an effort to learn what Microsoft knew about the group. However, the extent of other emails and documents that may have been compromised during this breach remains unclear. This tactic mirrors their strategy during the SolarWinds breach, where they aimed to understand the US government's response to their intrusions.
Despite the breach, Microsoft assured that there was no immediate evidence of the hackers gaining access to customer environments, production systems, source code, or AI systems. The company is in the process of notifying affected employees and is collaborating with law enforcement and regulatory bodies to assess the full impact.
Microsoft has also acknowledged the urgent need to accelerate its security enhancements. The company, which has been the target of multiple high-profile hacking efforts and cybersecurity incidents in recent years, is undergoing a significant overhaul of its security approach. This change is deemed necessary to confront the growing challenges posed by well-resourced nation-state threat actors like Midnight Blizzard.