A Russian government-backed hacking team successfully hacked into Microsoft's corporate network and stole emails and attachments from senior executives and targets in the cybersecurity and legal departments, the company disclosed late Friday.
The software giant said the APT group, known as Midnight Blizzard/Nobelium, used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts.
The company said its security team detected the nation-state attack on its corporate systems on January 12, 2024, and traced the infection back to November 2023.
The company said members of its senior leadership team were among the victims and noted that the hackers were initially targeting email accounts for information related to Redmond's own knowledge of the APT operation.
The discovery of Russian hackers in Microsoft's network comes less than six months after Chinese cyberspies were caught forging authentication tokens with a stolen Azure AD enterprise signing key to break into M365 email inboxes.
The hack, which led to the theft of email data from approximately 25 government organizations in the United States, is currently being investigated by the Cyber Security Review Board.
This Cyber News was published on www.securityweek.com. Publication date: Fri, 19 Jan 2024 23:43:06 +0000