Microsoft Reveals Russian Hackers Targeted Other Organizations


Microsoft has disclosed that the recent hack carried out by Russian government spies was not limited to the technology giant alone. In a new blog post, the company stated that the same group of hackers had targeted other organizations as well. As part of its standard notification procedures, Microsoft has initiated the process of informing these targeted entities.

Key Takeaway

Microsoft has revealed that the Russian hackers responsible for the recent intrusion also targeted other organizations. The extent of the targeting and the impact of the breach on these entities remain subjects of ongoing investigation.

Extent of the Targeting

It remains unclear how many organizations have been targeted by the Russian-backed hackers. Microsoft has not provided a specific number of victims it has notified so far, despite requests for comment.

Identification of the Hackers

Microsoft has identified the hackers as the group it calls Midnight Blizzard, which is widely believed to be working for Russia’s Foreign Intelligence Service, or SVR. Other security companies refer to the group as APT29 and Cozy Bear.

Details of the Intrusion

According to Microsoft, the intrusion was detected on January 12, with the hacking campaign commencing in late November. The hackers utilized a “password spray attack” on a legacy system that lacked multi-factor authentication. This technique involves attempting to brute-force access to accounts using commonly used passwords or a larger list of passwords from past data breaches.

Modus Operandi of the Attack

The hackers tailored their password spray attacks to a limited number of accounts, using a low number of attempts to evade detection and avoid account blocks. They further reduced the likelihood of discovery by launching these attacks from a distributed residential proxy infrastructure, thereby obfuscating their activity and enabling the attack to persist over time until successful.

Impact of the Breach

Once access was gained, the hackers targeted a small percentage of Microsoft corporate email accounts, specifically focusing on senior executives and individuals working in cybersecurity, legal, and other departments. The compromised accounts were used to steal some emails and attached documents. Interestingly, the hackers were also seeking information about what Microsoft knows about them.

Related Disclosure by Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE) revealed that its Microsoft-hosted email system was also hacked by Midnight Blizzard. The company stated that the hackers accessed and exfiltrated data from a small percentage of HPE mailboxes starting in May 2023. However, it is currently unclear whether this breach is directly linked to the espionage campaign targeting Microsoft.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Stories

How To Make Beacon In Minecraft

How To See Light Level In Minecraft

Hundreds Of AI Experts Call For Legislation Against Deepfakes

Varaha: Revolutionizing Carbon Credits For Smallholder Farmers

How To Make Candles Minecraft