- Microsoft said on Friday that its security systems were breached by a Russian hacking group.
- Microsoft identified the group as Midnight Blizzard, which was behind the SolarWinds cyberattack.
Microsoft said Friday that its systems were breached by Russian hackers who accessed a "very small percentage" of corporate email accounts.
The breached accounts belong to members of the company's senior leadership team, employees in its cybersecurity and legal departments, and those working on "other functions."
The attack was launched by Midnight Blizzard — the seasoned Russian hacking group behind the massive 2020 attack on US information technology firm SolarWinds, which exposed sensitive information in the US federal government.
According to Microsoft, Midnight Blizzard first accessed the company's systems in late November through a "password spray" attack, a tactic in which a malicious actor tries the same password against multiple accounts. But it was only last week that Microsoft first detected a threat to its systems, the company said.
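The detection side of the password spray described above, as an added example that is not part of the original article: a spray shows up as one source failing against many accounts with only a try or two each, which a per-account lockout counter does not see. The log format, thresholds, account names and addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, outcome).
# Addresses come from the reserved documentation ranges.
SPRAY = [(f"2024-01-10T02:{m:02d}:00", "203.0.113.7", user, "FAIL")
         for m, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
BRUTE = [(f"2024-01-10T03:00:{s:02d}", "198.51.100.9", "bob", "FAIL") for s in range(8)]
TYPO = [("2024-01-10T09:00:00", "192.0.2.4", "carol", "FAIL"),
        ("2024-01-10T09:00:20", "192.0.2.4", "carol", "OK")]
SAMPLE_EVENTS = SPRAY + BRUTE + TYPO


def locked_accounts(events, threshold=5):
    """Classic per-account lockout: accounts with at least `threshold` failures."""
    fails = Counter(user for _, _, user, outcome in events if outcome == "FAIL")
    return sorted(user for user, n in fails.items() if n >= threshold)


def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_tries=2):
    """Flag sources that fail against many accounts, few tries each, inside `window`.

    Thresholds are illustrative assumptions, not values from the article.
    Returns {source: accounts seen when the threshold was crossed}.
    """
    by_source = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            by_source[src].append((datetime.fromisoformat(ts), user))

    flagged = {}
    for src, fails in by_source.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = Counter(user for _, user in fails[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                flagged[src] = sorted(tries)
                break
    return flagged


if __name__ == "__main__":
    print("lockout would trigger for:", locked_accounts(SAMPLE_EVENTS))
    print("spray sources:", detect_spray(SAMPLE_EVENTS))
```

Grouping by source address is the simplest pivot; a spray spread across many source addresses needs a different grouping key, such as the time window alone.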
Based on Microsoft's initial investigation, it appears that Midnight Blizzard targeted corporate email accounts to find information about Midnight Blizzard itself and managed to exfiltrate "some emails and attached documents."
"The attack was not the result of a vulnerability in Microsoft products or services," a spokesperson for Microsoft told Business Insider by email. "To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."
The company, however, had a similar response back in 2021 after its systems were impacted by the SolarWinds attack. At the time, Microsoft said its software and tools hadn't been used "in any way for this attack." A spokesperson for the company also told BI at the time that it had "not identified any software vulnerability in Microsoft products or cloud services that led to compromise." But federal investigators said they found evidence the hackers accessed Microsoft Office 365.
Midnight Blizzard isn't the only group that's breached Microsoft's systems in recent years. In 2021, an "unusually aggressive Chinese cyber espionage unit" exploited a flaw in Microsoft's Exchange server email software and accessed 30,000 organizations, including companies, small businesses, and local governments. This past July, Microsoft also announced an attack from an "adversary based in China" that gained access to email accounts at US government agencies.
In November, Microsoft launched the Secure Future Initiative, a move to bolster its cybersecurity protection.
The company said the recent incident has "highlighted the urgent need to move even faster." It's planning to "act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes."