Russian state-sponsored hackers hack Microsoft
Microsoft announced that state-backed Russian hackers had breached its corporate email system and gained access to the accounts of the company’s senior leadership team, as well as employees in its cybersecurity and legal departments.
The intrusion was discovered on January 12, and Microsoft attributed it to the same highly skilled Russian hacking team responsible for the SolarWinds breach.
The company stated that a small percentage of corporate accounts were accessed and some emails and documents were stolen.
Microsoft has not disclosed the specific individuals affected by the breach but confirmed that the hackers’ access was removed on January 13. The company is in the process of notifying employees whose email accounts were compromised. Microsoft emphasized that the breach did not materially impact its operations, although it has not determined whether it will have a financial impact.
The hackers, from Russia’s SVR foreign intelligence agency, used a brute-force attack technique called “password spraying” to compromise the credentials of a test email account, then used that account to access the accounts of senior leadership and others.
Microsoft clarified that the breach was not due to any vulnerabilities in its products or services. The Russian hacking unit responsible for the breach has been called Midnight Blizzard by Microsoft and Cozy Bear by cybersecurity firm Mandiant. The SolarWinds hacking campaign, described by Microsoft as the most sophisticated nation-state attack in history, also targeted U.S. government agencies and private companies.
The SVR, Russia’s foreign intelligence agency, primarily focuses on intelligence-gathering and targets governments, diplomats, think tanks, and IT service providers in the U.S. and Europe.