Current:Home > MarketsState-backed Russian hackers accessed senior Microsoft leaders' emails, company says-LoTradeCoin
State-backed Russian hackers accessed senior Microsoft leaders' emails, company says
View Date:2024-12-24 00:04:30
BOSTON — State-backed Russian hackers broke into Microsoft's corporate email system and accessed the accounts of members of the company's leadership team, as well as those of employees on its cybersecurity and legal teams, the company said Friday.
In a blog post, Microsoft said the intrusion began in late November and was discovered on Jan. 12. It said the same highly skilled Russian hacking team behind the SolarWinds breach was responsible.
"A very small percentage" of Microsoft corporate accounts were accessed, the company said, and some emails and attached documents were stolen.
A company spokesperson said Microsoft had no immediate comment on which or how many members of its senior leadership had their email accounts breached. In a regulatory filing Friday, Microsoft said it was able to remove the hackers' access from the compromised accounts on or about Jan. 13.
"We are in the process of notifying employees whose email was accessed," Microsoft said, adding that its investigation indicates the hackers were initially targeting email accounts for information related to their activities.
SEC requires companies to disclose breaches quickly
The Microsoft disclosure comes a month after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively impact their business. It gives them four days to do so unless they obtain a national-security waiver.
In Friday's SEC regulatory filing, Microsoft said that "as of the date of this filing, the incident has not had a material impact" on its operations. It added that it has not, however, "determined whether the incident is reasonably likely to materially impact" its finances.
Microsoft, which is based in Redmond, Washington, said the hackers from Russia's SVR foreign intelligence agency were able to gain access by compromising credentials on a "legacy" test account, suggesting it had outdated code. After gaining a foothold, they used the account's permissions to access the accounts of the senior leadership team and others. The brute-force attack technique used by the hackers is called "password spraying."
The threat actor uses a single common password to try to log into multiple accounts. In an August blog post, Microsoft described how its threat-intelligence team discovered that the same Russian hacking team had used the technique to try to steal credentials from at least 40 different global organizations through Microsoft Teams chats.
"The attack was not the result of a vulnerability in Microsoft products or services," the company said in the blog. "To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required."
Microsoft calls the hacking unit Midnight Blizzard. Prior to revamping its threat-actor nomenclature last year, it called the group Nobelium. The cybersecurity firm Mandiant, owned by Google, calls the group Cozy Bear.
In a 2021 blog post, Microsoft called the SolarWinds hacking campaign "the most sophisticated nation-state attack in history." In addition to U.S. government agencies, including the departments of Justice and Treasury, more than 100 private companies and think tanks were compromised, including software and telecommunications providers.
The main focus of the SVR is intelligence-gathering. It primarily targets governments, diplomats, think tanks and IT service providers in the U.S. and Europe.
veryGood! (928)
Related
- Ranked voting will decide a pivotal congressional race. How does that work?
- Three groups are suing New Jersey to block an offshore wind farm
- Jobs report today: Employers added 175,000 jobs in April, unemployment rises to 3.9%
- New Hampshire jury finds state liable for abuse at youth detention center and awards victim $38M
- What happens to Donald Trump’s criminal conviction? Here are a few ways it could go
- T.J. Holmes and Amy Robach Look Back at Their Exits From ABC Amid Rob Marciano’s Departure
- A Black lawmaker briefly expelled from the Tennessee Statehouse will remain on the 2024 ballot
- Zebra remains on the loose in Washington state as officials close trailheads to keep people away
- Who will save Florida athletics? Gators need fixing, and it doesn't stop at Billy Napier
- Caitlin Clark to the Olympics, Aces will win third title: 10 bold predictions for the 2024 WNBA season
Ranking
- Prosecutors say some erroneous evidence was given jurors at ex-Sen. Bob Menendez’s bribery trial
- Instagram teams up with Dua Lipa, launches new IG Stories stickers
- Save 70% on Alo Yoga, Shop Wayfair's Best Sale of the Year, Get Free Kiehl's & 91 More Weekend Deals
- Pregnant Francesca Farago Shares Peek at Jesse Sullivan’s & Her Twins
- Olivia Culpo Celebrates Christian McCaffrey's NFL Comeback Alongside Mother-in-Law
- Darvin Ham out as Lakers coach after two seasons
- Captain sentenced to four years following deadly fire aboard dive boat Conception in California
- Conception dive boat captain Jerry Boylan sentenced to 4 years in prison for deadly fire
Recommendation
-
Jennifer Lopez Gets Loud in Her First Onstage Appearance Amid Ben Affleck Divorce
-
'Fear hovering over us': As Florida dismantles DEI, some on campuses are pushing back
-
Arizona Gov. Katie Hobbs signs bill to repeal 1864 ban on most abortions
-
An AI-powered fighter jet took the Air Force’s leader for a historic ride. What that means for war
-
When do new episodes of 'Cobra Kai' Season 6 come out? Release date, cast, where to watch
-
Darvin Ham out as Lakers coach after two seasons
-
What is Sidechat? The controversial app students have used amid campus protests, explained
-
Tornadoes hit parts of Texas, more severe weather in weekend forecast