Microsoft: Russian hackers seek their own secrets in our systems

January 22, 2024
1 min read

TLDR:

  • Microsoft announced that its systems were breached by Russian hackers from the group Midnight Blizzard.
  • A “very small percentage” of corporate emails were accessed, including senior leadership accounts.

Microsoft revealed that its systems were breached by a Russian hacking group known as Midnight Blizzard, who were also behind the SolarWinds cyberattack. While Microsoft stated that only a small percentage of corporate emails were accessed, the compromised accounts included senior leadership and employees in the cybersecurity and legal departments. Midnight Blizzard first gained access to Microsoft’s systems in late November through a “password spray” attack. The group specifically targeted corporate email accounts to find information about themselves, and managed to access and withdraw some emails and attached documents. Microsoft emphasized that the breach was not due to any vulnerabilities in their products or services, and there is currently no evidence that the hackers had access to customer environments, production systems, source code, or AI systems. However, this response is similar to Microsoft’s previous claims after the SolarWinds attack, in which federal investigators found evidence that the hackers had accessed Microsoft Office 365. This is not the first time Microsoft has experienced security breaches, with recent incidents involving a Chinese cyber espionage unit exploiting a flaw in Microsoft’s Exchange server email software, and an adversarial attack from China gaining access to email accounts at US government agencies. Microsoft has launched the Secure Future Initiative to enhance its cybersecurity protection, with plans to apply current security standards to legacy systems and internal business processes.

Latest from Blog

Top CISA official looks back on four years of cyber work

TLDR: Eric Goldstein, a top official at CISA, reflects on progress made in cybersecurity during his tenure. Key achievements include understanding cyber risks, collaboration with industry, and encouraging secure product development. Eric

Juggling AI cybersecurity highs and lows

TLDR: At the 2024 MIT Sloan CIO Symposium, industry leaders discussed the challenge of balancing AI’s benefits with its security risks, particularly focusing on generative AI. While generative AI can bring benefits

Get your free Cyber Security eBook now Valued at $169

“`html TLDR: Key Points: Claim your complimentary eBook worth $169 for free before May 22. The eBook covers practical applications of cyber security and network security for professionals, engineers, scientists, and students.