Russian hackers, supported by the state, infiltrated Microsoft’s corporate email system and gained access to the accounts of top leaders, cybersecurity staff, and legal team members, the company announced on Friday.

According to a blog article, Microsoft reported that the unauthorized access began near the end of November and was identified on January 12th. The company also stated that the same highly proficient Russian hacking group involved in the SolarWinds attack was accountable for the intrusion.

According to the company, only a small fraction of Microsoft corporate accounts were breached and a portion of emails and attached documents were taken.

A representative from the company stated that Microsoft has not yet released a statement regarding the individuals on its senior management team who may have had their email accounts compromised. According to a filing submitted on Friday, Microsoft was successful in revoking the hackers’ access to the affected accounts around January 13.

Microsoft has stated that they are currently informing employees whose email accounts were breached. The company also mentioned that their investigation suggests that the hackers were initially interested in obtaining information about their activities.

The recent Microsoft announcement follows a new regulation by the United States Securities and Exchange Commission, requiring publicly traded companies to report any security breaches that may have a detrimental effect on their operations. They have a four-day window to disclose the breach, unless they are granted a national security exemption.

In its SEC filing on Friday, Microsoft stated that the recent incident has not significantly affected its operations. However, it has not yet determined if the incident will have a significant impact on its finances.

According to Microsoft, the SVR foreign intelligence agency of Russia was responsible for hacking into their system. They were able to do so by exploiting outdated code on a test account, allowing them access to the accounts of senior leaders and other individuals. The method used, known as “password spraying,” involves repeatedly trying common passwords until one is successful.

The malicious individual utilizes one shared password to attempt to access numerous accounts. In a blog post from August, Microsoft detailed how their threat intelligence team uncovered that a Russian hacking group had employed this method to try and obtain login information from over 40 international companies through Microsoft Teams conversations.

According to the company’s blog, the attack was not caused by a weakness in Microsoft’s products or services. At this time, there is no indication that the attacker was able to access customer environments, production systems, source code, or AI systems. If any action is necessary, customers will be informed.

Microsoft calls the hacking unit Midnight Blizzard. Prior to revamping its threat-actor nomenclature last year, it called the group Nobelium. The cybersecurity firm Mandiant, owned by Google, calls the group Cozy Bear.

In a blog post from 2021, Microsoft referred to the SolarWinds hacking campaign as “the most advanced attack by a nation-state in history.” Along with government agencies such as the Department of Justice and the Treasury, over 100 private companies and think tanks were affected, including providers of software and telecommunications services.

The primary objective of the SVR is to gather intelligence. Its main targets are governments, diplomats, think tanks, and IT service providers in the United States and Europe.

Source: wral.com