Microsoft Reveals Cyber Attacks By Russian-Sponsored Groups

Microsoft's threat research team managed to investigate cyberattack incidents. (photo: pexels)

JAKARTA - Microsoft announced on Friday January 19 that a group backed by the Russian state managed to hack its corporate system on January 12 and steal a number of emails and documents from staff accounts.

The Russian group managed to access a "small part" of Microsoft's corporate email accounts, including members of senior leadership teams and employees in cybersecurity, law, and other functions, the company disclosed.

The Microsoft threat research team routinely investigates state hackers such as Russia's "Midnight Blizzard", which they call the main perpetrator of the attack. The company stated that the investigation into the hack showed that hackers were initially targeting Microsoft to find out what information the tech giants know about their operations.

Microsoft said that hackers used a password spray attack starting in November 2023 to hack Microsoft's platform. Hackers used this technique to infiltrate the company's system using the same password that had been compromised against several related accounts.

Microsoft's threat research team managed to investigate this incident and disrupt malicious activity, blocking the group's access to its system.

"This attack highlights the continuous risks for all organizations from threat-to-state actors with large resources such as Midnight Blizzard," the company said, stressing that this attack was not a result of specific vulnerabilities in their products or services.

Microsoft insists that until now, there is no evidence that the threat perpetrators have access to the environment of customers, production systems, source codes, or artificial intelligence systems. Microsoft's disclosure follows the new regulatory requirements imposed by the United States Securities and Exchange Commission (SEC) in December, requiring public companies to immediately disclose cyber incidents.

Affected companies must report the impact of hacking within four working days of discovery - revealing the timing, scope, and nature of hacking to the government.

Midnight Blizzard is also known as APT29, Nobelium, or Cozy Bear by cybersecurity researchers and is linked to Russian SVR spy agencies, according to US officials.

The group is well known for its intrusion to the Democratic National Committee surrounding the 2016 United States election. Microsoft products are widely used throughout the US government. The company faced criticism last year of its security practices after Chinese hackers stole emails belonging to senior US State Department officials.