On Friday, Microsoft announced that its corporate systems were breached by a state-sponsored Russian group on January 12, resulting in the unauthorized access and theft of emails and documents from staff accounts. It didn’t say how many of its employees had their email accessed. The company says the hackers broke into its systems using a “password spray attack,” in which they bombard a target account with candidate passwords, hoping one will work. The hackers gained access to a “tiny percentage” of Microsoft corporate email accounts, including members of its senior leadership team and employees in its cybersecurity, legal, and other functions, the company said.
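A password spray in practice tries a small set of common passwords across many accounts rather than many passwords against one, so the detectable signature in sign-in logs is one source failing against many distinct accounts with only one or two attempts each. The following added example, not part of the article or of Microsoft's tooling, runs that check over constructed sign-in records (placeholder addresses and users, not indicators from this incident) and lists the accounts a flagged source later signed into, which are the first candidates for a credential reset.

```python
from collections import defaultdict

# Constructed sample sign-in records (timestamp, source IP, account, result);
# the addresses and users are placeholders, not indicators from the breach.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z 203.0.113.7 alice@example.test FAIL
2024-01-12T03:00:02Z 203.0.113.7 bob@example.test FAIL
2024-01-12T03:00:03Z 203.0.113.7 carol@example.test FAIL
2024-01-12T03:00:04Z 203.0.113.7 dave@example.test FAIL
2024-01-12T03:00:05Z 203.0.113.7 erin@example.test FAIL
2024-01-12T03:00:06Z 203.0.113.7 frank@example.test SUCCESS
2024-01-12T03:10:00Z 198.51.100.9 alice@example.test FAIL
2024-01-12T03:10:01Z 198.51.100.9 alice@example.test FAIL
2024-01-12T03:10:02Z 198.51.100.9 alice@example.test FAIL
2024-01-12T03:10:03Z 198.51.100.9 alice@example.test FAIL
2024-01-12T03:20:00Z 192.0.2.44 grace@example.test SUCCESS
"""

def parse_line(line):
    """Split one record into (timestamp, source, account, result); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    return parts[0], parts[1], parts[2], parts[3].upper()

def detect_spray(lines, min_accounts=5, max_per_account=2):
    """Sources whose failures span >= min_accounts distinct accounts, each tried
    at most max_per_account times. Many failures on one account is brute force,
    not a spray, so it is deliberately not flagged here."""
    failures = defaultdict(lambda: defaultdict(int))  # source -> account -> fails
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        _, src, account, result = rec
        if result == "FAIL":
            failures[src][account] += 1
    return {src: sorted(acct) for src, acct in failures.items()
            if len(acct) >= min_accounts and max(acct.values()) <= max_per_account}

def compromised_by_spray(lines, sprayers):
    """Accounts a flagged source later signed into: first candidates for credential reset."""
    hits = set()
    for line in lines:
        rec = parse_line(line)
        if rec and rec[1] in sprayers and rec[3] == "SUCCESS":
            hits.add(rec[2])
    return sorted(hits)
```

Tune `min_accounts` and `max_per_account` to the tenant's normal failure rate; the thresholds here are illustrative and the real signal is usually stronger when grouped per source over a time window.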
The hacking is linked to a Russian intelligence agency, the SVR, or Foreign Intelligence Service. The agency is a spying arm of the Russian government, and its hacks are often tied to the country’s armed conflict with Ukraine. In a regulatory filing, Microsoft said it detected the latest hack last week and has been working with law enforcement and regulators since then. Microsoft’s disclosure of the hack comes after new rules took effect in December requiring publicly traded companies to disclose cyber incidents as soon as they discover them, including details about the incident’s timing, scope, and nature.
According to the company’s blog post, Microsoft hasn’t found evidence that the threat actors accessed customer environments or its production systems. It also doesn’t believe they accessed its source code or AI systems. However, it did find that the hackers spied on some of its top executives.
In a blog post, the company said it had removed the hackers’ access to its internal systems. It has also revoked the passwords used to gain access to the email accounts, and it will notify employees whose accounts were accessed. The company isn’t saying how many of its senior leaders had their email accessed, but it says that it was the same group of hackers that breached the systems of software maker SolarWinds in 2020 and that the hackers seemed to be seeking information about Midnight Blizzard itself.
The hackers could read some executives’ email because they first gained access to a Microsoft employee’s privileged account, typically one able to issue password resets and so reach other employees’ accounts. This tactic, common among state-sponsored hackers, highlights the risk of employees reusing the same password across multiple accounts, a practice security professionals discourage because it can lead to breaches. Microsoft said it is investigating the incident and will share more information as it becomes available.