Microsoft disclosed that an elite hacking group sponsored by Russian intelligence gained access to the emails of some of the company’s senior executives starting in late November. The intrusion was discovered a week ago, and Microsoft is still investigating. The hacking group, which Microsoft’s researchers call Midnight Blizzard, combed through corporate email accounts looking for information related to Midnight Blizzard itself. The targeted mailboxes included those of Microsoft’s senior leadership team, as well as employees in cybersecurity, legal, and other departments.
The Russian Foreign Intelligence Service has reportedly run the hacking group since at least 2008. The group is known by various nicknames, including Cozy Bear, the Dukes, and A.P.T. 29. It has been behind several high-profile hacks, such as the breach of the Democratic National Committee in 2015 and the SolarWinds supply chain attack in 2020.
In this recent attack, the hacking group used a relatively basic tactic known as password spraying, in which common passwords are tried against a vast array of accounts. The group found an opening in an old account for a testing system and used that account's permissions to gain access to corporate email accounts. Microsoft emphasized that, to date, there is no evidence that the hackers had access to customer environments, production systems, source code, or AI systems.
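Password spraying leaves a recognizable shape in sign-in logs: one source fails against many accounts with only a try or two per account, unlike brute force against a single account. The following detection sketch is an added example, not code from Microsoft or from this article; the log format, thresholds, addresses and account names (including `legacy-test`) are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real data). Addresses are documentation ranges.
SAMPLE_LOG = """\
2024-01-10T03:00:05 FAIL user=alice src=203.0.113.7
2024-01-10T03:01:10 FAIL user=bob src=203.0.113.7
2024-01-10T03:02:15 FAIL user=carol src=203.0.113.7
2024-01-10T03:03:20 FAIL user=dave src=203.0.113.7
2024-01-10T03:04:25 FAIL user=erin src=203.0.113.7
2024-01-10T03:05:30 FAIL user=legacy-test src=203.0.113.7
2024-01-10T03:40:00 OK user=legacy-test src=203.0.113.7
2024-01-10T09:00:00 FAIL user=frank src=198.51.100.20
2024-01-10T09:00:02 FAIL user=frank src=198.51.100.20
2024-01-10T09:00:04 FAIL user=frank src=198.51.100.20
2024-01-10T09:15:00 FAIL user=alice src=192.0.2.15
2024-01-10T09:15:20 OK user=alice src=192.0.2.15
"""

def parse(log):
    """Return time-sorted (timestamp, result, user, source) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, result, user, src = line.split()
        events.append((datetime.fromisoformat(ts), result,
                       user.partition("=")[2], src.partition("=")[2]))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_tries=2):
    """Flag sources that fail against many accounts with few tries per account."""
    fails = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    findings = {}
    for src, rows in fails.items():
        start, best = 0, []
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:      # slide the window forward
                start += 1
            tries = Counter(user for _, user in rows[start:end + 1])
            if (len(tries) >= min_accounts and max(tries.values()) <= max_tries
                    and len(tries) > len(best)):
                best = sorted(tries)
        if best:
            # A success from the flagged source marks the account to triage first.
            ok = sorted({u for _, r, u, s in events if r == "OK" and s == src})
            findings[src] = {"sprayed": best, "succeeded": ok}
    return findings
```

Grouping by source address alone misses a spray spread across many addresses; the same windowed count can be keyed on another shared attribute the logs carry.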
Microsoft is actively working with law enforcement on the matter, and the incident highlights the ongoing challenges faced by major technology companies in defending against sophisticated nation-state cyberattacks.