On Friday, Microsoft revealed that a hacking group known as Midnight Blizzard, or APT29, believed to be sponsored by the Russian government, breached several corporate email accounts. The targeted accounts included those belonging to the company’s senior leadership team and employees in cybersecurity, legal, and other functions.
Key Takeaway
The Russian government-sponsored hacking group, Midnight Blizzard, breached Microsoft’s corporate email accounts not to steal data, but to uncover information about themselves, highlighting the evolving nature of cyber threats.
The Intriguing Target
Surprisingly, the hackers did not pursue the typical route of seeking customer data or traditional corporate information. Instead, they aimed to uncover what Microsoft knows about them. The company’s investigation suggests that the hackers initially targeted email accounts for information related to Midnight Blizzard itself.
The Breach
Microsoft reported that the hackers used a “password spray attack,” essentially a form of brute force, against a legacy account. They then used that account’s permissions to access a small percentage of Microsoft corporate email accounts. Microsoft did not disclose the exact number of breached email accounts or the nature of the information that was accessed or stolen.
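A defender-side check for the spray pattern described above, added here as an example and not Microsoft's own detection logic: it flags a source that fails against many distinct accounts with only a few attempts each (which separates a spray from ordinary brute force against one account) and reports whether that source then signed in successfully. The log format, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real telemetry): "<UTC ts> <source IP> <account> <FAIL|SUCCESS>"
SAMPLE_LOG = """\
2024-01-12T02:00:01Z 203.0.113.5 alice@corp.example FAIL
2024-01-12T02:03:14Z 203.0.113.5 bob@corp.example FAIL
2024-01-12T02:07:52Z 203.0.113.5 carol@corp.example FAIL
2024-01-12T02:11:30Z 203.0.113.5 dave@corp.example FAIL
2024-01-12T02:15:09Z 203.0.113.5 legacy-test@corp.example FAIL
2024-01-12T02:19:44Z 203.0.113.5 legacy-test@corp.example SUCCESS
2024-01-12T02:00:05Z 198.51.100.9 alice@corp.example FAIL
2024-01-12T02:00:06Z 198.51.100.9 alice@corp.example FAIL
2024-01-12T02:00:07Z 198.51.100.9 alice@corp.example FAIL
2024-01-12T09:30:00Z 192.0.2.77 erin@corp.example FAIL
2024-01-12T09:30:20Z 192.0.2.77 erin@corp.example SUCCESS
"""

def parse_log(text):
    """Parse the constructed format into sorted (timestamp, ip, account, result) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag source IPs whose failures spread across many accounts with few tries each
    (a spray); a single account hammered many times (classic brute force) is not flagged."""
    fails = defaultdict(list)     # ip -> [(timestamp, account)] in time order
    successes = defaultdict(set)  # ip -> accounts that signed in successfully
    for ts, ip, account, result in events:
        if result == "FAIL":
            fails[ip].append((ts, account))
        else:
            successes[ip].add(account)
    alerts = {}
    for ip, attempts in fails.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:  # keep the window bounded
                start += 1
            per_account = defaultdict(int)
            for _, account in attempts[start:end + 1]:
                per_account[account] += 1
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                alerts[ip] = {"accounts": sorted(per_account), "successes": sorted(successes[ip])}
                break
    return alerts
```

On the sample data only 203.0.113.5 is flagged: it touched five accounts once each and later signed in as the legacy test account, while 198.51.100.9 (three failures on one account) and 192.0.2.77 (one typo followed by success) are not.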
Response and Moving Forward
Microsoft seized the opportunity to address the incident and outline its plans to enhance security. The company emphasized the urgent need to expedite security measures and apply current standards to Microsoft-owned legacy systems and internal business processes. Despite the potential disruption caused by these changes, Microsoft stressed the necessity of embracing this new approach.
About APT29, or Cozy Bear
APT29, also known as Cozy Bear, is widely believed to be a Russian hacking group responsible for several high-profile attacks, including those against SolarWinds in 2019 and the Democratic National Committee in 2015.