Russian Spies Hacked Microsoft Email Systems & Accessed Code

Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes.
Microsoft's announcement on March 8, 2024, detailed that Midnight Blizzard, also known as APT29 or Cozy Bear, utilized information initially exfiltrated from the company's corporate email systems to gain unauthorized access to its internal systems, including source code repositories.
The hackers seem to have multiple objectives, including stealing valuable source codes and gathering intelligence on Microsoft's knowledge about their operations.
The breach has prompted Microsoft to file a report with the U.S. Securities and Exchange Commission, highlighting the severity of the situation and the potential implications for the company's security posture and reputation.
Midnight Blizzard gained access to Microsoft's systems through a sophisticated cyberattack that began in late November 2023.
The group used a password spray attack to compromise a legacy non-production test tenant account within Microsoft's environment.
Once they had a foothold, they used the account's permissions to access a small percentage of Microsoft corporate email accounts, including those of senior leadership and employees in cybersecurity, legal, and other functions.
The investigation suggests that Midnight Blizzard was initially targeting email accounts for information related to their own operations, likely as a counterintelligence effort to understand what Microsoft knew about them.
After the initial breach, Midnight Blizzard used the information they had exfiltrated to attempt further unauthorized access to Microsoft's internal systems, including source code repositories.
Microsoft detected an increase in password spray attacks by up to tenfold in February 2024 compared to the volume seen in January, indicating a significant escalation in the group's activities.
Microsoft has stated that there is no evidence that customer-facing systems have been compromised.
Microsoft has ramped up its security investments and cross-enterprise coordination to defend against these sophisticated threats.
The company has implemented enhanced security controls, detections, and monitoring to secure and harden its environment against Midnight Blizzard's activities.
Microsoft's proactive measures also involve reaching out to customers potentially affected by the breach to assist them in taking mitigating measures.
Microsoft's commitment to transparency and sharing findings from its investigations reflects its dedication to addressing the cybersecurity challenges posed by nation-state actors.
The breach of Microsoft's corporate email systems and the theft of source codes by Russian spies represents a significant cybersecurity event with far-reaching implications.
Midnight Blizzard is a Russian state-sponsored cyber espionage group known by names such as APT29, Nobelium, Cozy Bear, and several others.
SolarWinds Supply Chain Attack: One of the most significant and sophisticated cyber espionage campaigns attributed to Midnight Blizzard was the SolarWinds attack.
Democratic National Committee Hack: Midnight Blizzard, along with another Russian APT group, was involved in the cyber attacks against the Democratic National Committee during the 2016 US Presidential Elections.
Hewlett Packard Enterprise Breach: In December 2023, HPE disclosed that Midnight Blizzard had gained unauthorized access to its Microsoft Office 365 email system since May 2023.


This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 09 Mar 2024 15:40:23 +0000


Cyber News related to Russian Spies Hacked Microsoft Email Systems & Accessed Code

Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
9 months ago Cybersecuritynews.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
2 months ago Esecurityplanet.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
10 months ago Bleepingcomputer.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
1 year ago Bleepingcomputer.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
1 year ago Cybersecuritynews.com
Ukraine says it hacked Russian aviation agency, leaks data - Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for ...
1 year ago Bleepingcomputer.com
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
10 months ago Bleepingcomputer.com
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
8 months ago Bleepingcomputer.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
11 months ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
11 months ago Bleepingcomputer.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
11 months ago Securityzap.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
8 months ago Securityboulevard.com
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
11 months ago Bleepingcomputer.com
Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
11 months ago Bleepingcomputer.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
10 months ago Securityboulevard.com
Microsoft: Legacy account hacked by Russian APT had no MFA - Microsoft said the legacy test tenant account hacked by Russian nation-state threat actors this month did not have MFA enabled. According to the initial disclosure, the account compromised was a legacy, non-production test tenant account that threat ...
10 months ago Techtarget.com
US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft - The US cybersecurity agency CISA on Thursday issued an emergency directive mandating that all federal agencies immediately hunt for signs of a known Russian APT that broke into Microsoft's corporate network and pivoted to steal sensitive ...
8 months ago Securityweek.com
What is an email signature? - An email signature - or signature block or signature file - is the block of text that appears at the end of an email message that provides more information about the sender. This can include details such as the sender's full name, occupation or job ...
11 months ago Techtarget.com
Ukraine: Hack wiped 2 petabytes of data from Russian research center - Planeta is a state research center using space satellite data and ground sources like radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme phenomena, and volcanic monitoring. The ...
10 months ago Bleepingcomputer.com
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack - A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. Kyivstar is Ukraine's largest telecommunications ...
11 months ago Bleepingcomputer.com
Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
10 months ago Securityboulevard.com
Feds arrest Russians accused of tech smuggling operation The Register - Three Russian nationals were arrested in New York yesterday on charges of moving electronics components worth millions to sanctioned entities in Russia, pieces of which were later recovered on battlefields in Ukraine. Nikolay Goltsev, a ...
1 year ago Theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)