Jump to content
  • Microsoft says a Russian intelligence group got access to emails from its top executives

    aum

    • 1 comment
    • 472 views
    • 2 minutes
     Share


    • 1 comment
    • 472 views
    • 2 minutes

    Microsoft has announced that a hacker group that is sponsored by Russia got access to a number of email accounts from some of the company's executives. The company first announced this attack as part of a regulatory filing today (via CNBC)

     

    More details about the attack were posted on the Microsoft Security Response Center Blog. It states that back in November 2023, the hacker group, which is known by the names Nobelium and Midnight Blizzard, "used a password spray attack to compromise a legacy non-production test tenant account." This cyberattack successfully gained access to a number of corporate email accounts.

     

    Microsoft says the email accounts were used by "members of our senior leadership team and employees in our cybersecurity, legal, and other functions." The group also "exfiltrated some emails and attached documents."

     

    The company says it only detected this attack last week, on January 12. It took steps to "mitigate the attack, and deny the threat actor further access." Microsoft added:

     

    The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

     

    In November, Microsoft announced a new effort to improve its digital security after Chinese hackers gained access to Outlook-based government email accounts in the US and Europe. The Secure Future Initiative would use new and improved methods to detect cyber threats more quickly, including the use of AI-based measures.

     

    Today, Microsoft said that this new attack by Nobelium-Midnight Blizzard on its own systems "has highlighted the urgent need to move even faster." It added:

     

    We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.

     

    The company also said it would work with law enforcement authorities and regulators as it continues its investigation into this cyberattack and will offer up more details "as appropriate."

     

    Source

     

    Also:  Hackers breached Microsoft to find out what Microsoft knows about them.

    • Like 2

    User Feedback

    Recommended Comments

    Weak Security = Weak Leadership

    Nadella is not 'leading'. He is letting the company run amuck.

    He needs to be fired. Now.

    Link to comment
    Share on other sites




    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...