Russian Government Hackers Spied on Microsoft Executives
Microsoft revealed that a hacking group was able “to access a very small percentage of Microsoft corporate email accounts,” including those of its senior leadership team and employees in the cybersecurity and legal departments.
The group, called Midnight Blizzard and also known as Nobelium, APT29, or Cozy Bear, is a Russia-based group with ties to the Russian government.
Microsoft’s breach is unique because the hackers didn’t go after the usual targets like customer data or corporate information. They wanted to know what the tech giant knew about them.
Microsoft said the hackers used a password spray attack against a “legacy non-production test tenant account.” They abused the account’s permissions to access more email accounts. The company didn’t go into too much detail about the number of accounts affected and the extent of the compromised information.
Microsoft reported the attack to comply with new US requirements that demand disclosure of cybersecurity incidents. The company tried to shift attention away from the incident, promising to work on making its systems more secure.
Microsoft acknowledges that “this incident has highlighted the urgent need to move even faster” and vows to “act immediately to apply [our] current security standards to Microsoft-owned legacy systems and internal business processes” despite the chance it may disrupt existing business processes.
The US government relies on many Microsoft products, but the company’s security systems have come under scrutiny. Senator Ron Wyden, a Democrat from Oregon, said Microsoft’s “negligent cybersecurity practices” were responsible for Chinese hackers accessing senior US State Department officials’ emails ahead of an important US-China meeting.
Microsoft claims that the attack was not due to a vulnerability in Microsoft products or services. Wyden, on the other hand, called it “another wholly avoidable hack that was caused by Microsoft’s negligence,” adding that “the U.S. government needs to reevaluate its dependence on Microsoft.”
Intelligence agencies speculate that Midnight Blizzard is responsible for high-profile cyberattacks against the US government, including the attacks on IT and network provider SolarWinds in 2019 and the Democratic National Committee in 2016.
Microsoft’s breach is an example of cyber warfare, which focuses on stealing a rival’s data and can be just as harmful as traditional data theft. The incident indicates that even one of the biggest tech companies globally isn’t immune to cyber vulnerabilities despite having access to the most sophisticated security systems.