Russian hackers target Microsoft’s senior executives in password spray attack

TLDR:

– Russian state-backed hackers targeted Microsoft systems, infiltrating a small percentage of corporate email accounts, including those of senior executives.
– The hackers utilized password spray attacks to gain unauthorized access, leading to potential access to source code repositories and internal systems.

Microsoft announced that Russian state-backed hackers have been targeting their systems, with unauthorized activity detected since late November 2023. The attacks escalated significantly in February, with members of Microsoft’s senior leadership team and employees in cybersecurity, legal, and other functions being among those whose email accounts were infiltrated. The hackers utilized password spray attacks to gain access to a small percentage of corporate email accounts, potentially leading to access to source code repositories and internal systems. However, there is no evidence of access to Microsoft customer environments or AI systems. Microsoft has enhanced security measures and is collaborating with law enforcement and regulators in their ongoing investigation to defend against this advanced persistent threat.