An elite hacker group sponsored by Russian intelligence gained access to the emails of some top Microsoft executives starting in late November, the company revealed in a blog post and regulatory filing Friday.
Microsoft said it discovered the intrusion a week ago and was still investigating. The hackers appeared to be focused on combing through Microsoft’s corporate email accounts to search for information related to the hacking group, which Microsoft researchers called Midnight Blizzard.
The hackers viewed emails from Microsoft’s executive team as well as employees in cybersecurity, legal and other groups, and took some emails and attachments, the company said. The company, which had worked with cybersecurity companies and governments to investigate previous attacks by the hacking group, did not name the executives whose emails were targeted.
Russia’s foreign intelligence service has run the hacking group since at least 2008, according to the US Cybersecurity and Infrastructure Security Agency. The group is known by various nicknames, including Cozy Bear, the Dukes and APT 29, and has been behind a number of high-profile hacks, according to previous US government investigations.
Targets include computers at the Democratic National Committee in 2015 and technology provider SolarWinds, which gave Russia access to systems at the State Department, Department of Homeland Security and parts of the Pentagon in 2020. Microsoft called this incident “the most sophisticated cyberattack in nation-state history.”
The method used in the new hack seems less exotic: a relatively basic tactic known as password spraying, in which hackers try common passwords on a wide range of accounts. The group, which was known to use this tactic, found an opening in an old account for a test system, then used that account’s permissions to access company email accounts, Microsoft said.
“To date, there is no evidence that the threat actor had access to customer environments, production systems, source code, or AI systems,” Microsoft said in a statement.
The regulatory filing said the company had notified and was working with law enforcement.
Microsoft, which supplies technology to many Western governments, has long been a target of hacking. Last year, Chinese hackers breached Microsoft’s systems and gained access to the email accounts of Commerce Secretary Gina M. Raimondo and other government officials.