Microsoft's system has been breached by Russian hackers. This was confirmed by the software giant on Friday, Jan. 19, saying that they detected a nation-state attack.
The American tech firm announced that Russian hackers compromised its corporate systems on Jan. 12. Microsoft said that it had already activated its response process.
This means that Microsoft is investigating the security breach, disrupting the cybersecurity attack, mitigating the breach, and preventing hackers from having further access.
Russian Hackers Breach Microsoft's Email System
According to Fortune's latest report, Microsoft identified the hackers as members of the highly skilled Russian hacking group called Midnight Blizzard.
These malicious actors are also known as Nobelium, the Russian state-sponsored actor behind the SolarWinds security breach.
"As part of our ongoing commitment to responsible transparency as recently affirmed in our Secure Future Initiative (SFI), we are sharing this update," said Microsoft via its official blog post.
Unfortunately, the cybersecurity breach happened in late November 2023. This means that more than a month passed before Microsoft detected the malicious campaign against its corporate email system.
The software giant confirmed that Russian hackers were able to access the accounts of its leadership team members. Email accounts of cybersecurity employees and legal team staff were also breached.
However, Microsoft claimed that only a "very small percentage" of corporate accounts were compromised. Some emails and attached documents were stolen as well.
Microsoft's spokesperson said that they haven't identified the exact number of affected senior leadership email accounts.
"We are in the process of notifying employees whose email was accessed," said the giant tech firm.
The software developer stated that they already removed the hackers' access from compromised accounts around Jan. 13.
How Russian Hackers Breach Microsoft Corporate System
The American tech firm clarified that the latest corporate system breach was not a result of a service/product vulnerability. Instead, Russian threat actors used a password spray attack.
This allowed them to compromise a legacy non-production test tenant account, which gave them a foothold. After that, they used the account's permissions to access corporate email accounts.
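Password spraying tries a small number of common passwords against many accounts, so per-account lockout counters rarely trip. The following is an added example (not from Microsoft or the original article) of one way to detect that pattern in sign-in logs; the event tuple format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, result). Not real data.
SAMPLE_EVENTS = (
    # One source fails once each against many accounts, then succeeds on a test account.
    [(f"2024-01-01T10:0{i}:00", "203.0.113.7", user, "FAIL")
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [("2024-01-01T10:05:00", "203.0.113.7", "legacy-test", "OK")]
    # Classic brute force against one account: noisy, but not a spray.
    + [(f"2024-01-01T11:00:{i:02d}", "198.51.100.9", "alice", "FAIL") for i in range(10)]
    # Ordinary user mistyping a password once.
    + [("2024-01-01T09:00:00", "192.0.2.10", "bob", "FAIL"),
       ("2024-01-01T09:00:30", "192.0.2.10", "bob", "OK")]
)

def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_per_account=3):
    """Flag sources whose failures cover many accounts with few tries per account."""
    by_source = defaultdict(list)
    for ts, src, account, result in events:
        by_source[src].append((datetime.fromisoformat(ts), account, result))

    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        fails = [(t, a) for t, a, r in rows if r == "FAIL"]
        for i, (start, _) in enumerate(fails):
            # Count failures per account inside the window opening at this failure.
            counts = defaultdict(int)
            for t, account in fails[i:]:
                if t - start > window:
                    break
                counts[account] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                # Any success from the same source after the spray began needs triage first.
                hits = sorted({a for t, a, r in rows if r == "OK" and t >= start})
                findings[src] = {"accounts_targeted": len(counts), "compromised": hits}
                break
    return findings

if __name__ == "__main__":
    for src, info in detect_password_spray(SAMPLE_EVENTS).items():
        print(src, info)
```

Accounts listed under `compromised` are the ones to reset and review for granted permissions, since a successful logon during a spray is the foothold described above.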
As of writing, Microsoft said that they haven't found any evidence proving that these Russian hackers had access to customer environments, source code, AI systems, or production systems.
The software giant added that if it ever found such evidence, it would immediately notify consumers.