Microsoft has said that some of its top leaders’ email accounts were hacked by a Russian intelligence group called Nobelium or Midnight Blizzard.
Last week, Microsoft found out about the attack. The hackers were able to get into the accounts of top executives, cybersecurity staff, and legal staff inside the company.
The group stole some emails and the files linked to them, but there is no proof that they got into customer data, production systems, source code, or AI systems.
In a regulatory filing on Friday, Microsoft said that hackers from Russia’s SVR foreign intelligence service got in by compromising an account on what the company described as old code. Once they had a foothold, they used that account’s permissions to get into the accounts of other people, including members of the top leadership team.
The hackers used a common password-guessing technique called “brute force,” which involves trying many different combinations until one works.
The company said it had not found any proof that Nobelium had gotten into its production systems, customer data, or secret source code. Microsoft has notified the workers whose emails were hacked and is working with the police to find out what happened.
A month ago, the news came out because of a new rule from the U.S. Securities and Exchange Commission. This rule says that publicly traded companies must report breaches within four days unless they get a national-security waiver.
Nation-state hackers have long gone after Microsoft because it supplies technology to many Western countries. Hackers from China broke into Microsoft’s systems last year and got into the email accounts of Commerce Secretary Raimondo and other government officials.
Nobelium, which is also called APT29 or Cozy Bear, is a skilled hacking group that has tried to get into the systems of U.S. partners and the Defense Department.
The attack on Microsoft’s email system shows how dangerous cyberattacks by nation-state actors are. Businesses and other organizations need to stay alert and take action to keep their systems and data safe from these kinds of threats.