When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft says a Russian intelligence group got access to emails from its top executives

Neowin · with 12 comments

Purple background with skull opening lock with key

Microsoft has announced that a hacker group that is sponsored by Russia got access to a number of email accounts from some of the company's executives. The company first announced this attack as part of a regulatory filing today (via CNBC)

More details about the attack were posted on the Microsoft Security Response Center Blog. It states that back in November 2023, the hacker group, which is known by the names Nobelium and Midnight Blizzard, "used a password spray attack to compromise a legacy non-production test tenant account." This cyberattack successfully gained access to a number of corporate email accounts.

Microsoft says the email accounts were used by "members of our senior leadership team and employees in our cybersecurity, legal, and other functions." The group also "exfiltrated some emails and attached documents."

The company says it only detected this attack last week, on January 12. It took steps to "mitigate the attack, and deny the threat actor further access." Microsoft added:

The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

In November, Microsoft announced a new effort to improve its digital security after Chinese hackers gained access to Outlook-based government email accounts in the US and Europe. The Secure Future Initiative would use new and improved methods to detect cyber threats more quickly, including the use of AI-based measures.

Today, Microsoft said that this new attack by Nobelium-Midnight Blizzard on its own systems "has highlighted the urgent need to move even faster." It added:

We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.

The company also said it would work with law enforcement authorities and regulators as it continues its investigation into this cyberattack and will offer up more details "as appropriate."

Report a problem with article
quake 6 teaser
Next Article

A Quake 6 teaser was fairly conspicuous in the new Indiana Jones game reveal video

word on the web
Previous Article

Microsoft Word Online can now show more detailed link previews

Join the conversation!

Login or Sign Up to read and post a comment.

12 Comments - Add comment