Powered by MOMENTUM MEDIA

Microsoft says Russian state-backed hackers stole data via staff emails

Russian state-sponsored hackers have infiltrated the email accounts of several leadership staff at Microsoft as well as cyber security and legal staff, according to the tech giant.

Daniel Croft
Mon, 22 Jan 2024

The company said it first detected the attack on 12 January but that the incident began back in late November last year.

It added that it had identified the threat actor as a Russian state-sponsored actor called Midnight Blizzard (also known as Nobelium).

“The threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cyber security, legal, and other functions, and exfiltrated some emails and attached documents,” said Microsoft in a blog post.

Microsoft added that based on its investigations, the group was looking for emails and data relating to itself.

“We are in the process of notifying employees whose email was accessed.

“The attack was not the result of a vulnerability in Microsoft products or services.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” it said.

Following the discovery of the attack, Microsoft activated its incident response team to crack down on the attack and mitigate further damage.

Microsoft said it is providing the update on the incident as part of its Secure Future Initiative, the company’s dedication to advancing cyber security as the future brings more sophisticated attacks and hackers.

The company added that the recent attack has further spurred it on to act quickly and apply its modern cyber security standards to older systems.

“As we said late last year when we announced Secure Future Initiative (SFI), given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk – the traditional sort of calculus is simply no longer sufficient,” it said.

“For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
