Microsoft Is Warning More Customers About Russian State Hack
Company Is Sending Email Alerts to Customers Whose Data Was Accessed by Hackers
Microsoft is alerting more of its customers whose data may have been accessed by Russian state hackers following a January attack that compromised the email accounts of company executives.
A number of Office 365 administrators took to Reddit earlier this week to say that emails from the Microsoft support team had informed them that their emails had been accessed by the Russian hacking group Midnight Blizzard.
Microsoft also shared a link to a custom-built secure system and asked the email recipients to use their Tenant ID to access the portal and review the customer data accessed by the hackers.
"This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that the Midnight Blizzard threat actor exfiltrated, and we are providing the customers the email correspondence that was accessed by this actor," a company spokesperson told Bloomberg.
The data leak stemmed from an attack, disclosed in January, that the company attributed to Russian foreign intelligence service hackers. The threat actors exfiltrated email and documents from the email accounts of senior leadership and employees in its cybersecurity and legal departments (see: Microsoft: Russian Hackers Had Access to Executives' Emails).
The Russian hacking group is also known as APT29 or Cozy Bear. The Biden administration identified it as part of the Russian Foreign Intelligence Service in 2021 when it blamed the group for inserting a backdoor into IT infrastructure software developed by SolarWinds.
The latest disclosure from the company comes amid mounting criticism of Microsoft over high-profile security failures. Recently, Microsoft President Brad Smith during a U.S. congressional hearing acknowledged responsibility for a series of security failures that allowed Russian and Chinese state-sponsored actors to target government institutions across the world and the company (see: Microsoft President Admits to Major Security Failures).
The U.S. Cybersecurity and Infrastructure Security Agency earlier this month invoked emergency powers to direct federal agencies to reset credentials and review account logs for potentially malicious activity in Microsoft environments (see: CISA Warns Russian Microsoft Hackers Targeted Federal Emails).