Microsoft’s senior executives targeted in Russian hackers’ password spray attack

Tech
By Lucas Anderson 4 0

  • Russian state-backed hackers have been targeting Microsoft systems.

  • The hackers infiltrated a small percentage of Microsoft’s corporate email accounts.

  • Microsoft has enhanced security and its investigation is coordinating with federal law enforcement.

Russian state-backed hackers have been targeting Microsoft systems, the company announced in a blog update.

The company detected unauthorized activity from the group beginning in late November 2023. In February, the Russian state-sponsored actor ramped up its attacks tenfold from January when a “large volume” of cybersecurity issues emerged.

Members of Microsoft’s senior leadership team and employees in cybersecurity, legal, and other functions were among the people whose email accounts were infiltrated, said a company filing with the SEC.

The blog said a Microsoft Threat Intelligence investigation identified the culprit as Midnight Blizzard on Friday.

The hackers infiltrated a small percentage of corporate email accounts, Microsoft said.

Midnight Blizzard first gained access through password spray attacks, attempting the same password on many accounts before repeating the process with another one.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain unauthorized access. This has included access to some of the company’s source code repositories and internal systems,” said the computer giant’s blog.

Sean Lyngaas, CNN’s cybersecurity reporter, wrote: “Source code is coveted by corporations — and spies trying to breach them — because it is the secret nuts and bolts of a software program that make it function.”

Hackers with access to source code can use it to launch further attacks.

The company filing with the SEC said there is no evidence of access to Microsoft customer environments or AI systems.

Microsoft said it was taking measures to defend itself against “this advanced persistent threat.”

The filing said no material impact on operations had been determined yet.

Microsoft’s investigation is ongoing, and a company blog update said the corporation would provide additional details as appropriate.

They will continue collaborating with law enforcement and regulators.

Business Insider contacted Microsoft for comment.

Read the original article on Business Insider

Source link

Lucas Anderson

You might also like
Tech

Take-Two is shutting down the studios behind Rollerdrome and Kerbal Space Program 2

Tech

George Miller Would Like to Make Another Mad Max Prequel Movie After Furiosa

Tech

Snapchat will finally let you edit your chats

Tech

Cognizant first-quarter revenue beats estimates on steady spending by clients

Tech

Apple set for big sales decline as investors await AI in iPhones

Tech

A researcher is suing Meta for the right to ‘turn off’ Facebook’s news feed

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More