Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers

Share via:

Illustration: The Verge

Microsoft is revealing today that it has discovered a nation-state attack on its corporate systems from the same Russian state-sponsored group of hackers that were responsible for the sophisticated SolarWinds attack. Microsoft says the hackers, known as Nobelium, were able to access email accounts of some members of its senior leadership team late last year.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” says the Microsoft Security Response Center in a blog post filed late on Friday.

Microsoft says the group was “initially targeting email accounts” for information about themselves, but it’s not clear what other emails and documents have been stolen in the process. Microsoft only discovered the attack last week on January 12th, and the company hasn’t disclosed how long the attackers were able to access its systems.

“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” says Microsoft.

The attack took place just days after Microsoft announced its plan to overhaul its software security following major Azure cloud attacks. While Microsoft customers don’t appear to have been impacted in this new incident and this wasn’t the result of a Microsoft vulnerability, this is still the latest in a line of cybersecurity incidents for Microsoft. It found itself at the center of the SolarWinds attack nearly three years ago, then 30,000 organizations’ email servers were hacked in 2021 due to a Microsoft Exchange Server flaw, and Chinese hackers breached US government emails via a Microsoft cloud exploit last year.

Microsoft is now changing the way it designs, builds, tests, and operates its software and services. It’s the biggest change to its security approach since the company announced its Security Development Lifecycle (SDL) in 2004 after huge Windows XP flaws knocked PCs offline.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers

Illustration: The Verge

Microsoft is revealing today that it has discovered a nation-state attack on its corporate systems from the same Russian state-sponsored group of hackers that were responsible for the sophisticated SolarWinds attack. Microsoft says the hackers, known as Nobelium, were able to access email accounts of some members of its senior leadership team late last year.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” says the Microsoft Security Response Center in a blog post filed late on Friday.

Microsoft says the group was “initially targeting email accounts” for information about themselves, but it’s not clear what other emails and documents have been stolen in the process. Microsoft only discovered the attack last week on January 12th, and the company hasn’t disclosed how long the attackers were able to access its systems.

“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” says Microsoft.

The attack took place just days after Microsoft announced its plan to overhaul its software security following major Azure cloud attacks. While Microsoft customers don’t appear to have been impacted in this new incident and this wasn’t the result of a Microsoft vulnerability, this is still the latest in a line of cybersecurity incidents for Microsoft. It found itself at the center of the SolarWinds attack nearly three years ago, then 30,000 organizations’ email servers were hacked in 2021 due to a Microsoft Exchange Server flaw, and Chinese hackers breached US government emails via a Microsoft cloud exploit last year.

Microsoft is now changing the way it designs, builds, tests, and operates its software and services. It’s the biggest change to its security approach since the company announced its Security Development Lifecycle (SDL) in 2004 after huge Windows XP flaws knocked PCs offline.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

iOS 18.2 just added a faster way to message...

iOS 18.2 came packed with a lot of...

A popular technique to make AI more efficient has...

One of the most widely used techniques to...

ICAI Says Probe Into Alleged Audit Lapses At BYJU’S...

SUMMARY ICAI president Ranjeet Kumar Agarwal has revealed that...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!