Microsoft says it was hacked by Russian state-sponsored group

Microsoft said on Friday that a Russian state-sponsored group hacked into its corporate systems on Jan. 12 and stole some emails and documents from its staffs’ accounts.A Russian hacking group known in the cybersecurity industry as Nobelium, or Midnight Blizzard, used a “password spray attack” starting in Nov. 2023 to breach a Microsoft platform, the company said in a blog. Hackers use this technique to infiltrate a company’s systems by using the same password across multiple accounts.

Elevate Your Tech Prowess with High-Value Skill Courses

Offering College Course Website
IIT Delhi IITD Certificate Programme in Data Science & Machine Learning Visit
Indian School of Business ISB Digital Transformation Visit
IIM Lucknow IIML Executive Programme in FinTech, Banking & Applied Risk Management Visit

The Russian group was able to access “a very small percentage” of Microsoft corporate email accounts, including members of its senior leadership team and employees in its cybersecurity, legal, and other functions, said Microsoft.

Microsoft’s threat research team routinely investigates nation-state hackers such as Midnight Blizzard, and the company said its probe into the latest breach indicated the hackers were initially targeting email accounts that had information about Midnight Blizzard.

The Russian Embassy in Washington and Ministry of Foreign Affairs did not immediately respond to a request for comment.

Microsoft said it investigated the incident and disrupted the malicious activity, blocking the threat actor’s access to its systems.

Discover the stories of your interest