Russian State-Sponsored Hackers Breach Microsoft's Corporate Systems
Senior Executives' Emails Accessed in Attack; Company Responds with Enhanced Security Measures
- Microsoft disclosed that a Russian state-sponsored hacking group, known as Midnight Blizzard or Nobelium, accessed its corporate systems and stole emails from senior executives and employees in its cybersecurity and legal departments.
- The hackers used a 'password spray attack' to compromise a legacy non-production test tenant account and gain a foothold, then used the account’s permissions to access a small percentage of Microsoft corporate email accounts.
- Microsoft's investigation found that the hackers appeared to be targeting email accounts for information related to Midnight Blizzard itself, and that it succeeded in taking some emails and attached documents.
- The company said the attack was not due to a vulnerability in its products or services, but it did highlight the continuous risk organizations face from 'well-resourced nation-state threat actors' like Nobelium.
- Microsoft is notifying employees whose emails were accessed and will notify customers if any action is required on their end.
UPI 
Business Insider 
Interesting Engineering 
The Messenger 
Deutsche Welle 
Gadgets 360 
The Japan Times 
Benzinga 
Ars Technica 
NDTV 
The Daily Beast 
PC Gamer 
NBC News 
Washington Post 
Financial Post 
Associated Press 
Engadget 
TechCrunch 
ABC News 
CNA 
The Verge 
GeekWire 
Fortune 
CNN 
CNBC 
