BOSTON (AP) — State-backed Russian hackers infiltrated Microsoft’s corporate email system and accessed the accounts of members of the company’s leadership team as well as employees on its cybersecurity and legal teams, the company said Friday.
The attack began in late November and was discovered on January 12, Microsoft said in a blog post. He said the same highly skilled Russian hacking team was responsible for the SolarWinds breach.
The company said a “very small percentage” of Microsoft corporate accounts were accessed and some emails and attached documents were stolen.
A company spokesman said Microsoft had no comment on which or how many of its senior leaders’ email accounts were breached. In a regulatory filing Friday, Microsoft said it was able to remove hackers’ access to compromised accounts on or about Jan. 13.
“We are in the process of notifying employees whose emails were accessed,” Microsoft said, adding that the investigation showed hackers initially targeted email accounts for information about their activities.
Microsoft’s announcement comes a month after a new U.S. Securities and Exchange Commission rule went into effect that forces publicly traded companies to disclose violations that could negatively impact their business. They are given four days to do so unless they receive a national security waiver.
In its SEC regulatory filing on Friday, Microsoft said that “the incident has not had a material impact on its operations as of the date of this filing.” But he added that he had not determined whether there was a reasonable chance the incident would materially affect his finances.
Microsoft, headquartered in Redmond, Washington, said hackers from Russia’s SVR foreign intelligence agency were able to gain access by compromising credentials on an “old” test account, suggesting it had old code.
The threat actor uses a single common password to attempt to log into multiple accounts. In a blog post published in August, Microsoft explained how its threat intelligence team discovered that the same Russian hacking team was using this technique to steal credentials from at least 40 different global organizations via Microsoft Teams chats.
“The attack was not the result of a vulnerability in Microsoft products or services,” the company said on its blog. “So far there is no evidence that the threat actor has access to customer environments, production systems, source code or AI systems. “We will inform our customers if any action is necessary.”
Microsoft calls its hacking unit Midnight Blizzard. Last year, threat actors named the group Nobelium before revamping its nomenclature. Mandiant, the cybersecurity firm owned by Google, calls the group Cozy Bear.
In a 2021 blog post, Microsoft called the SolarWinds hacking campaign “the most sophisticated nation-state attack in history.” More than 100 private companies and think tanks, including software and telecommunications providers, were compromised, as were U.S. government agencies, including the Justice and Treasury departments.