New Delhi: Microsoft revealed on Friday that a hacking group it identified as Midnight Blizzard, also known as APT29, believed to be linked to the Russian government, successfully breached some corporate email accounts within the company. The hackers targeted accounts belonging to Microsoft’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” Rather than focusing on traditional targets like customer data or typical corporate information, the hackers aimed to uncover what Microsoft knew about them.
Microsoft disclosed that the hackers utilized a “password spray attack,” essentially employing brute force, on a legacy account. Subsequently, they leveraged the compromised account’s permissions to access a small percentage of Microsoft’s corporate email accounts. The exact number of breached accounts and the specific information accessed or stolen were not disclosed by Microsoft, and the company did not respond immediately to inquiries.
Microsoft addressed the incident and outlined its commitment to enhancing security measures. The company emphasized the need for swift action, stating, “For Microsoft, this incident has highlighted the urgent need to move even faster.” Microsoft pledged to promptly apply its current security standards to legacy systems and internal processes, acknowledging that the transition may cause disruptions.
The hacking group APT29, also known as Cozy Bear, has gained notoriety for alleged Russian-sponsored cyberattacks, including those targeting SolarWinds in 2019 and the Democratic National Committee in 2015. Microsoft’s response to this breach is framed as a crucial step toward reinforcing security measures and adapting to a rapidly evolving threat landscape.