Microsoft says Russians hacked it to find information about itself

Microsoft announced on Friday that it had detected an attack on its systems by the Russian hacker group Midnight Blizzard. The group was also behind the massive cyberattack on SolarWinds. Getty Images

  • Microsoft announced Friday that its security systems were hacked by a Russian hacking group.
  • Microsoft identified the group as Midnight Blizzard, which was also behind the cyberattack on SolarWinds.
  • A “very small percentage” of company emails were accessed, but that included executives.

Microsoft said Friday that Russian hackers had penetrated its systems and accessed a “very small percentage” of company email accounts.

The hacked accounts belong to members of the company's executive team, employees of the cybersecurity and legal departments, and people working in “other functions.”

The attack was launched by Midnight Blizzard – the veteran Russian hacking group that was behind the massive attack on the US information technology company SolarWinds in 2020, which exposed sensitive US federal government information.

Microsoft said Midnight Blizzard first accessed the company's systems in late November via a “password spray” attack, a tactic in which a malicious actor tries the same password against multiple accounts. But it was only last week that Microsoft first identified a threat to its systems, the company said.
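A defender's view of that pattern, as an added example that is not part of the original article or any Microsoft tooling: a minimal detector that separates a spray (one source, many accounts, few tries each) from single-account brute force and ordinary typos. The event layout, thresholds, and the name `detect_spray` are assumptions, and the sign-in events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, account, outcome).
EVENTS = (
    # One source, six accounts, one failure each, then a success: spray.
    [(f"2024-01-10T02:{m:02d}:00", "203.0.113.7", u, "FAIL")
     for m, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [("2024-01-10T02:06:00", "203.0.113.7", "grace", "OK")]
    # One source hammering one account: brute force, not a spray.
    + [(f"2024-01-10T03:00:{s:02d}", "198.51.100.4", "alice", "FAIL") for s in range(8)]
    # A user mistyping a password once, then signing in.
    + [("2024-01-10T09:00:00", "192.0.2.10", "bob", "FAIL"),
       ("2024-01-10T09:00:20", "192.0.2.10", "bob", "OK")]
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {source: {"accounts": failed accounts, "compromised": later successes}}."""
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        by_src[src].append((datetime.fromisoformat(ts), user, outcome))
    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        fails = [(t, u) for t, u, o in rows if o == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it never spans more than `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = Counter(u for _, u in fails[start:end + 1])
            # Spray signature: many distinct accounts, few attempts per account.
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                first_seen = fails[start][0]
                # A success from the same source after the spray began needs review.
                hits = {u for t, u, o in rows if o == "OK" and t >= first_seen}
                findings[src] = {"accounts": {u for _, u in fails}, "compromised": hits}
                break
    return findings

if __name__ == "__main__":
    for src, info in detect_spray(EVENTS).items():
        print(src, sorted(info["accounts"]), "review:", sorted(info["compromised"]))
```

Grouping by source address only catches a spray that comes from a single address; attempts spread across many addresses need a different grouping key, such as a time window across all sources.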

Based on Microsoft's initial investigation, it appears that Midnight Blizzard targeted corporate email accounts to find information about Midnight Blizzard itself and managed to exfiltrate “some emails and attached documents.”

Microsoft said “the attack was not the result of a vulnerability in any Microsoft products or services,” adding that “there is no evidence that the threat actor had access to customer environments, production systems, source code, or AI systems.”

However, the company responded similarly back in 2021 after its systems were affected by the SolarWinds attack. At the time, Microsoft said its software and tools were “in no way used in this attack.” A company spokesperson also told BI at the time that they had “not identified any software vulnerability in Microsoft products or cloud services that would have led to a compromise.” But federal investigators said they found evidence that hackers accessed Microsoft Office 365.

Midnight Blizzard is not the only group that has penetrated Microsoft's systems in recent years. In 2021, an “unusually aggressive Chinese cyber espionage unit” exploited a vulnerability in Microsoft's Exchange server email software and accessed 30,000 organizations, including enterprises, small businesses and local governments. Last July, Microsoft also announced an attack by a “China-based adversary” that gained access to email accounts at U.S. government agencies.

In November, Microsoft launched the Secure Future Initiative, a move to improve its cybersecurity protections.

The company said the latest incident “highlighted the urgent need to move even faster.” The plan is to “act immediately and apply our current security standards to Microsoft's own legacy systems and internal business processes, even if these changes could disrupt existing business processes.”