BOSTON (AP) \u2014 State-backed Russian hackers broke into Microsoft\u2019s corporate email system and accessed the accounts of members of the company\u2019s leadership team, as well as those of employees on its cybersecurity and legal teams, the company said Friday.<\/p>\n\n\n\n
In a blog post, Microsoft said the intrusion began in late November and was discovered on Jan. 12. It said the same highly skilled Russian hacking team behind the\u00a0SolarWinds breach\u00a0was responsible.<\/p>\n\n\n\n
\u201cA very small percentage\u201d of Microsoft corporate accounts were accessed, the company said, and some emails and attached documents were stolen.<\/p>\n\n\n\n
A company spokesperson said Microsoft had no immediate comment on which or how many members of its senior leadership had their email accounts breached. In\u00a0a regulatory filing Friday,\u00a0Microsoft said it was able to remove the hackers\u2019 access from the compromised accounts on or about Jan. 13.<\/p>\n\n\n\n
\u201cWe are in the process of notifying employees whose email was accessed,\u201d Microsoft said, adding that its investigation indicates the hackers were initially targeting email accounts for information related to their activities.<\/p>\n\n\n\n
The Microsoft disclosure comes a month after\u00a0a new U.S. Securities and Exchange Commission rule\u00a0took effect that compels publicly traded companies to disclose breaches that could negatively impact their business. It gives them four days to do so unless they obtain a national-security waiver.<\/p>\n\n\n\n
In Friday\u2019s SEC regulatory filing, Microsoft said that \u201cas of the date of this filing, the incident has not had a material impact\u201d on its operations. It added that it has not, however, \u201cdetermined whether the incident is reasonably likely to materially impact\u201d its finances.<\/p>\n\n\n\n
Microsoft, which is based in Redmond, Washington, said the hackers from Russia\u2019s SVR foreign intelligence agency were able to gain access by compromising credentials on a \u201clegacy\u201d test account, suggesting it had outdated code. After gaining a foothold, they used the account\u2019s permissions to access the accounts of the senior leadership team and others. The brute-force attack technique used by the hackers is called \u201cpassword spraying.\u201d<\/p>\n\n\n\n
The threat actor uses a single common password to try to log into multiple accounts.\u00a0In an August blog post,\u00a0Microsoft described how its threat-intelligence team discovered that the same Russian hacking team had used the technique to try to steal credentials from at least 40 different global organizations through Microsoft Teams chats.<\/p>\n\n\n\n
\u201cThe attack was not the result of a vulnerability in Microsoft products or services,\u201d the company said in the blog. \u201cTo date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.\u201d<\/p>\n\n\n\n
Microsoft calls the hacking unit Midnight Blizzard. Prior to revamping its threat-actor nomenclature last year, it called the group Nobelium. The cybersecurity firm Mandiant, owned by Google, calls the group Cozy Bear.<\/p>\n\n\n\n
In a 2021 blog post, Microsoft called\u00a0the SolarWinds hacking campaign\u00a0\u201cthe most sophisticated nation-state attack in history.\u201d In addition to U.S. government agencies, including the departments of Justice and Treasury, more than 100 private companies and think tanks were compromised, including software and telecommunications providers.<\/p>\n\n\n\n
The main focus of the SVR is intelligence-gathering. It primarily targets governments, diplomats, think tanks and IT service providers in the U.S. and Europe.<\/p>\n","protected":false},"excerpt":{"rendered":"
BOSTON (AP) \u2014 State-backed Russian hackers broke into M […]<\/p>\n","protected":false},"author":1,"featured_media":3092,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-3091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business"],"_links":{"self":[{"href":"https:\/\/www.viewworld.org\/index.php?rest_route=\/wp\/v2\/posts\/3091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.viewworld.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.viewworld.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.viewworld.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.viewworld.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3091"}],"version-history":[{"count":1,"href":"https:\/\/www.viewworld.org\/index.php?rest_route=\/wp\/v2\/posts\/3091\/revisions"}],"predecessor-version":[{"id":3093,"href":"https:\/\/www.viewworld.org\/index.php?rest_route=\/wp\/v2\/posts\/3091\/revisions\/3093"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.viewworld.org\/index.php?rest_route=\/wp\/v2\/media\/3092"}],"wp:attachment":[{"href":"https:\/\/www.viewworld.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.viewworld.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.viewworld.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}