Microsoft says Russian government hackers stole email from its leaders

microsoft, microsoft says russian government hackers stole email from its leaders

Microsoft says Russian government hackers stole email from its leaders

Microsoft said hackers working for the Russian government broke into its corporate networks two months ago and stole email from executives and some employees in its cybersecurity and legal departments.

Microsoft said in a late Friday blog post that it had detected the November breach on Jan. 12 and was beginning to notify staffers whose communications were intercepted.

It also disclosed the intrusion in a filing with the Securities and Exchange Commission, which last year began requiring public companies to do so within four days of determining that a breach is material, including when a reasonable investor would want to know about a potential impact on reputation or relationships with customers.

Friday’s SEC filing said Microsoft “has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

A person familiar with Microsoft’s thinking said it filed with the regulator without being convinced of the material impact to comply with the spirit of the new regulation. That person spoke on the condition of anonymity to discuss internal matters.

Microsoft said the breach was not due to any flaw in its widely used software. Instead it began with a “password spraying,” in which an attacker tries a common password to log in as many users in rapid succession in hopes that one combination works.

The password worked on what Microsoft said was an old test account. The hacker then used the account’s privileges to get access to multiple streams of email. Soon after the intrusion, the hackers searched through the email accounts to find out what Microsoft knew about them, the company said.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” the company said in an emailed statement.

Even so, the intrusion is embarrassing for the maker of Windows and Office software, which also runs some of the world’s largest cloud services businesses.

The same hacking group was behind the massive breach of SolarWinds network management software that was disclosed in late 2020. In that case, the hackers inserted a backdoor into SolarWinds code that allowed them to delve into nine federal agencies and 100 other customers of SolarWinds.

As part of that hacking spree, the intruders compromised Microsoft resellers with ongoing access to customers, then added or modified accounts at those customers in pursuit of email to steal. The SEC sued Solar Winds last year for failing to tell stockholders its systems were subject to hacks.

Government officials and outside security experts have repeatedly called out weak authentication requirements, test accounts and the ease in creating new accounts as major holes in Microsoft service protections. Similar holes were used in the new attack on Microsoft.

Friday’s disclosure also comes during investigations by the Department of Homeland Security’s cyber safety review board and others into lapses in Microsoft security that allowed Chinese government hackers to steal unclassified email from top U.S. diplomats ahead of a summit between the two nations last year.

In that instance, the hackers were able to steal Microsoft’s digital keys for validating new organizational customers.

Since then, Microsoft has said it is redoubling its efforts in security.

In that instance, the hackers were able to steal Microsoft’s digital keys for validating new organizational customers.

News Related

OTHER NEWS

Lawsuit seeks $16 million against Maryland county over death of pet dog shot by police

A department investigator accused two of the officers of “conduct unbecoming an officer” for entering the apartment without a warrant, but the third officer was cleared of wrongdoing, the suit says. Read more »

Heidi Klum shares rare photo of all 4 of her and Seal's kids

Heidi Klum posted a rare picture with husband Tom Kaulitz and her four kids: Leni, 19, Henry, 18, Johan, 17, and Lou, 14, having some quality family time. Read more »

European stocks head for flat open as markets struggle to find momentum

This is CNBC’s live blog covering European markets. European markets are heading for a flat open Tuesday, continuing lackluster sentiment seen at the start of the week in the region ... Read more »

Linda C. Black Horoscopes: November 28

Nancy Black Today’s Birthday (11/28/23). This year energizes your work and health. Faithful domestic routines provide central support. Shift directions to balance your work and health, before adapting around team ... Read more »

Michigan Democrats poised to test ambitious environmental goals in the industrial Midwest

FILE – One of more than 4,000 solar panels constructed by DTE Energy lines a 9.37-acre swath of land in Ann Arbor Township, Mich., Sept. 15, 2015. Michigan will join ... Read more »

Gaza Is Falling Into ‘Absolute Chaos,’ Aid Groups Say

A shaky cease-fire between Israel and Hamas has allowed a surge of aid to reach Palestinians in Gaza, but humanitarian groups and civilians in the enclave say the convoys aren’t ... Read more »

Bereaved Israeli and Palestinian families to march together in anti-hate vigil

Demonstrators march against the rise of antisemitism in the UK on Sunday – SUSANNAH IRELAND/REUTERS Bereaved Israeli and Palestinian families will march together as part of an anti-hate vigil on ... Read more »
Top List in the World