Microsoft announced today that it has discovered a nation-state attack on its corporate systems by the same Russian state-sponsored hacking group that was responsible for the sophisticated SolarWinds attack. According to Microsoft, the hackers, known as Nobelium, were able to access the email accounts of some executive team members late last year.
“Starting in late November 2023, the threat actor used a password spray attack to compromise and gain a foothold on an old, non-production test tenant account, then leveraged the account's permissions to access a very small percentage of Microsoft enterprise email.” “We targeted some of our leadership teams and employees in cybersecurity, legal, and other functions and exfiltrated some emails and attached documents,” the Microsoft Security Response Center said in a blog post, which was released late Friday.
Microsoft says the group “initially targeted email accounts” to obtain information about itself, but it's not clear what other emails and documents were stolen in the process. Microsoft only discovered the attack last week on January 12, and the company has not disclosed how long the attackers were able to access its systems.
“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had access to customer environments, production systems, source code or AI systems,” Microsoft says.
The attack came just days after Microsoft announced its plan to overhaul its software security following major Azure cloud attacks. Although Microsoft customers were apparently not affected by this new incident, and it was not the result of a Microsoft security flaw, it is still the latest in a series of cybersecurity incidents for Microsoft. The company was at the center of the SolarWinds attack nearly three years ago. Then, in 2021, 30,000 organizations' email servers were hacked due to a Microsoft Exchange Server flaw, and last year Chinese hackers breached US government emails through a Microsoft cloud exploit.
Microsoft is currently changing the way it designs, builds, tests and operates its software and services. This is the biggest change to its security approach since the company announced its Security Development Lifecycle (SDL) in 2004 after major Windows XP bugs left PCs out of commission.