Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Microsoft: Russian Hackers Had Access to Executives' Emails

Computing Giant Says Hackers Did Not Access Customer Data or Production Systems
Microsoft: Russian Hackers Had Access to Executives' Emails
Microsoft on Friday disclosed a hacking incident instigated by Russian state hackers. (Image: Shutterstock)

Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon.

In a filing with U.S. regulators, Microsoft disclosed a late November attack that had led to the exfiltration of email and documents from the email accounts of "senior leadership" and employees in its cybersecurity and legal departments. It detected the attack on Jan. 12 and cut off hackers' access "on or about Jan. 13."

"To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," the company said.

Microsoft fingered the Russian state hacking group it tracks as Midnight Blizzard - formerly Nobelium - also known as APT29 and CozyBear. The White House in 2021 connected the group to the Russian Foreign Intelligence Service after its hackers had inserted a backdoor into IT infrastructure software developed by SolarWinds.

A representative for Microsoft did not immediately return a request for comment clarifying what constitutes Microsoft "senior leadership."

Microsoft stock is currently down 0.42% in after-hours trading; Microsoft disclosed the incident after the market closed Friday.

The company in its regulatory disclosure said attackers had executed a password spraying attack in late November and gained access to "a legacy non-production test tenant account." Password spraying is a technique in which hackers enter the same password guess into a number of accounts in an attempt to avoid account lockout by betting that at least one user uses a previously leaked password or has one that is easy to guess.

From that foothold, hackers were able to use the account permission to access "a very small percentage of Microsoft corporate email accounts."

"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," Microsoft said.

It's too early to determine whether the incident will materially affect the company's financial condition or operations, the company told regulators. It vowed to henceforth apply current security standards to legacy systems "even when these changes might cause disruption to existing business processes."

With reporting from Information Security Media Group's Michael Novinson in Massachusetts


About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.