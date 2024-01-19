Microsoft has announced that a hacker group that is sponsored by Russia got access to a number of email accounts from some of the company's executives. The company first announced this attack as part of a regulatory filing today (via CNBC)

More details about the attack were posted on the Microsoft Security Response Center Blog. It states that back in November 2023, the hacker group, which is known by the names Nobelium and Midnight Blizzard, "used a password spray attack to compromise a legacy non-production test tenant account." This cyberattack successfully gained access to a number of corporate email accounts.

Microsoft says the email accounts were used by "members of our senior leadership team and employees in our cybersecurity, legal, and other functions." The group also "exfiltrated some emails and attached documents."

The company says it only detected this attack last week, on January 12. It took steps to "mitigate the attack, and deny the threat actor further access." Microsoft added:

The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

In November, Microsoft announced a new effort to improve its digital security after Chinese hackers gained access to Outlook-based government email accounts in the US and Europe. The Secure Future Initiative would use new and improved methods to detect cyber threats more quickly, including the use of AI-based measures.

Today, Microsoft said that this new attack by Nobelium-Midnight Blizzard on its own systems "has highlighted the urgent need to move even faster." It added:

We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.

The company also said it would work with law enforcement authorities and regulators as it continues its investigation into this cyberattack and will offer up more details "as appropriate."