In a recent regulatory filing, Microsoft disclosed that a Russian state-backed hacking group gained unauthorized access to the email accounts of some of the company’s top executives.
Microsoft tracks the group as Midnight Blizzard (formerly Nobelium); it is also known as Cozy Bear and APT29.
The group is closely associated with Russian intelligence and carried out the SolarWinds supply-chain compromise disclosed in 2020.
The incident is the latest in a series of intrusions into Microsoft’s own environment, and it comes as state-sponsored espionage has intensified during periods of armed conflict, such as Russia’s prolonged war against Ukraine.
The Cybersecurity and Infrastructure Security Agency (CISA) is actively collaborating with Microsoft to understand the incident’s scope and mitigate potential impacts on other victims.
The intrusion began in late November 2023, when the attackers compromised a legacy, non-production test tenant account; Microsoft said the account was broken into by password spraying and did not have multi-factor authentication enabled.
The attackers then used that account’s permissions to reach a small percentage of Microsoft corporate email accounts, including those of senior leadership and of employees in the cybersecurity and legal teams, and exfiltrated some emails and attached documents.
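Microsoft’s own disclosure attributed the initial access to a password spray against a test tenant: one source tries a small number of common passwords against many accounts, staying under per-account lockout thresholds, until one weakly protected account lets it in. The script below is an added example, not code from Microsoft or from this article, showing how that pattern can be picked out of sign-in logs. The event records, IP addresses, user names and thresholds are constructed for illustration; in a real tenant the same logic would run over exported sign-in logs.

```python
"""Flag password-spray activity in a list of sign-in events.

Heuristic: a single source IP producing failed sign-ins against many
distinct accounts inside a time window, with only one or two attempts
per account. A user mistyping their own password produces the opposite
shape (many failures, one account) and is not flagged.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _ev(ts, user, ip, result):
    return {"time": datetime.fromisoformat(ts), "user": user, "ip": ip, "result": result}


# Constructed sample events (hypothetical; not real log data).
SAMPLE_EVENTS = [
    # One source tries each account once, then succeeds against a legacy test account.
    _ev("2023-11-20T02:00:00", "alice", "203.0.113.7", "failure"),
    _ev("2023-11-20T02:03:00", "bob", "203.0.113.7", "failure"),
    _ev("2023-11-20T02:06:00", "carol", "203.0.113.7", "failure"),
    _ev("2023-11-20T02:09:00", "dave", "203.0.113.7", "failure"),
    _ev("2023-11-20T02:12:00", "erin", "203.0.113.7", "failure"),
    _ev("2023-11-20T02:15:00", "frank", "203.0.113.7", "failure"),
    _ev("2023-11-20T02:18:00", "grace", "203.0.113.7", "failure"),
    _ev("2023-11-20T02:21:00", "legacy-test-svc", "203.0.113.7", "failure"),
    _ev("2023-11-20T02:24:00", "legacy-test-svc", "203.0.113.7", "success"),
    # A user who mistyped their own password: many failures against one account.
    _ev("2023-11-20T09:00:00", "heidi", "198.51.100.5", "failure"),
    _ev("2023-11-20T09:00:30", "heidi", "198.51.100.5", "failure"),
    _ev("2023-11-20T09:01:00", "heidi", "198.51.100.5", "failure"),
    _ev("2023-11-20T09:01:40", "heidi", "198.51.100.5", "success"),
    # Two accounts from one shared office address: below the spray threshold.
    _ev("2023-11-20T10:00:00", "ivan", "192.0.2.9", "failure"),
    _ev("2023-11-20T10:05:00", "judy", "192.0.2.9", "failure"),
]


def detect_password_spray(events, window=timedelta(minutes=60),
                          min_users=5, max_attempts_per_user=2):
    """Return one finding per source IP whose failed sign-ins look like a spray.

    For each source IP, slide a window starting at every failed sign-in and
    count distinct target accounts and attempts per account. The widest window
    that meets the spray shape is reported, together with any successful
    sign-ins from the same source inside that window, since a spray that ends
    in a success is the case that needs immediate response.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["result"] == "failure"]
        best = None
        for start in failures:
            end = start["time"] + window
            in_win = [e for e in failures if start["time"] <= e["time"] <= end]
            per_user = defaultdict(int)
            for e in in_win:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_attempts_per_user:
                if best is None or len(per_user) > best["distinct_users"]:
                    best = {
                        "source_ip": ip,
                        "window_start": start["time"],
                        "window_end": end,
                        "distinct_users": len(per_user),
                        "failed_attempts": len(in_win),
                    }
        if best is not None:
            best["successes_in_window"] = sorted({
                e["user"] for e in evs
                if e["result"] == "success"
                and best["window_start"] <= e["time"] <= best["window_end"]
            })
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_password_spray(SAMPLE_EVENTS):
        print(f"{f['source_ip']}: {f['distinct_users']} accounts, "
              f"{f['failed_attempts']} failures, "
              f"successes: {f['successes_in_window'] or 'none'}")
```

The thresholds are deliberately loose; a real deployment would tune the window and account count to the tenant’s size and also correlate across source IPs, since sprays are often spread over many addresses to defeat per-IP counting. Any account listed under `successes_in_window` should be treated as compromised until its credentials are reset and its permissions reviewed.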
To date, Microsoft has found no evidence that the group accessed customer environments, production systems, or proprietary source code.
Microsoft said the group initially appeared to be after information about Midnight Blizzard itself, that is, what the company’s security teams knew about the group; the attack may also have been aimed at gaining insight into Microsoft’s support for the US and Ukrainian efforts in the war with Russia, though that remains speculation.
The incident follows a pattern of security problems at Microsoft, including previous breaches by other state-backed hacking groups.
As the investigation continues, Microsoft says it will take additional action based on its findings and is working with law enforcement and regulators.
The FBI is aware of the attack and is actively engaged with federal partners to support the ongoing response.