Russian Intelligence Hacks Microsoft Officers’ Emails

Microsoft has discovered a nation-state attack on its corporate systems. On January 12, the day of the attack, The Record reported that the bad actor was Nobelium, known to be run by the SVR, the Russian counterpart to the CIA.

Nobelium, also known as Midnight Blizzard, was behind the infamous attack on tech company SolarWinds. That hack gave it access to the Defense Department, Commerce Department, Treasury Department, State Department, and the DOJ as well as several large companies.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the Microsoft said in a statement.

The hack accessed the email accounts of senior leaders at Microsoft. According to the company’s investigation, the hackers were initially looking for emails containing information about Midnight Blizzard.

“The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.”

A Microsoft spokesperson refused to tell The Record how hackers could move from test accounts into accounts used by high-level officers of the company. They claimed that the investigation found no vulnerabilities in products or services.

The incident was reported to the SEC on January 12. Access to accounts was halted the next day. “The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Microsoft told the SEC.