Priya PatelTLDR: Microsoft announced that it was hacked by a state-sponsored Russian group known as APT29 or Midnight Blizzard. The hackers used a password spray attack to gain access to a small percentage of Microsoft corporate email accounts. Microsoft promptly investigated and disrupted the breach and clarified that the attack was not due to any specific vulnerability in its products or services. The disclosure comes after a new regulatory requirement for prompt reporting of cyber incidents.
Microsoft revealed that it was the target of a cyber attack by a Russia-sponsored group called APT29 or Midnight Blizzard. The hackers were able to access a small percentage of Microsoft corporate email accounts, including those of senior leadership and employees in cybersecurity and legal departments. The group is believed to be linked to Russia’s SVR spy agency and has previously targeted the Democratic National Committee in the 2016 US election.
The cyber attack was carried out using a technique called a password spray attack, in which the hackers used the same compromised password across multiple accounts. Microsoft promptly investigated and disrupted the breach, cutting off the hackers’ access to its systems. The company clarified that the attack was not the result of any specific vulnerability in its products or services.
This disclosure follows a new regulatory requirement by the US Securities and Exchange Commission (SEC) that mandates prompt reporting of cyber incidents by publicly-owned companies. Microsoft products are widely used in the US government, and the company has faced criticism in the past for its security practices. However, there is no evidence that the hackers had any access to customer environments, production systems, source code, or AI systems.
