
Microsoft executives' emails hacked by a group linked to Russian intelligence


An elite hacking group sponsored by Russian intelligence gained access to the emails of some senior Microsoft executives starting in late November, the company announced Friday in a blog post and filing with regulators.

Microsoft said it discovered the breach a week ago and was still investigating. The hackers appeared to focus on searching Microsoft corporate email accounts for information about the hacking group, which Microsoft researchers called Midnight Blizzard.

The hackers went through emails from Microsoft's senior leadership team and employees from cybersecurity, legal and other groups and took some emails and attachments, the company said. The company, which had worked with cybersecurity firms and governments to investigate previous attacks by the hacking group, did not disclose the names of the executives whose emails were targeted.

Russia's Foreign Intelligence Service has led the hacking group since at least 2008, according to the US Cybersecurity and Infrastructure Security Agency. The group is known by several nicknames, including Cozy Bear, the Dukes and APT 29, and is behind a number of high-profile hacks, according to previous US government investigations.

Targets included the computers of the Democratic National Committee in 2015 and the technology provider SolarWinds, which gave Russia access to systems at the State Department, the Department of Homeland Security and parts of the Pentagon in 2020. Microsoft called that incident “the most sophisticated national cyberattack in history.”

The method used in the new hack appears less exotic: a relatively basic tactic known as password spraying, in which hackers try generic passwords on a large number of accounts. The group, which has been known to use this tactic, found an opening in an old account for a test system and then used that account's permissions to access the corporate email accounts, Microsoft said.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” Microsoft said in a statement.

The regulatory filing said the company had been notified and was cooperating with law enforcement.

Microsoft, which supplies technology to many Western governments, has long been the target of hacking by nation states. Last year, Chinese hackers breached Microsoft's systems and gained access to the email accounts of Commerce Secretary Gina M. Raimondo and other government officials.
