News

Hackers Breach Microsoft To Find Out What The Tech Giant Knows About Them

Giulio Saggin
Giulio Saggin
Monday, 22 January 2024
Hackers Breach Microsoft To Find Out What The Tech Giant Knows About Them
Photo: M Rezaie / Unsplash

Members of Microsoft's senior leadership team in, among others, its legal and cybersecurity divisions have had emails and documents stolen.

Russian state-sponsored group, Midnight Blizzard aka Nobelium, claimed responsibility for the attack in which, according to Microsoft, a small percentage of their corporate email accounts were hacked. Microsoft stated that the intent of the attack was to learn what the tech giant knew about Midnight Blizzard's operations.

The company said the hackers used a password spray attack to "compromise a legacy non-production test tenant account and gain a foothold". The attack, which began in November 2023, used the same compromised password for related accounts ... in this case, Microsoft corporate email accounts.

"To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," said Microsoft in a statement. "We will notify customers if any action is required."

Microsoft said they will act immediately to apply their current security standards to Microsoft-owned legacy systems and internal business processes: "This will likely cause some level of disruption ... but this is a necessary step, and only the first of several we will be taking to embrace this philosophy."

Microsoft is continuing their investigation into the incident and will continue working with law enforcement and appropriate regulators.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203