Microsoft is revealing today that it has discovered a nation-state attack on its corporate systems from the same Russian state-sponsored group of hackers that were responsible for the sophisticated SolarWinds attack. Microsoft says the hackers, known as Nobelium, were able to access email accounts of some members of its senior leadership team late last year.
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” says the Microsoft Security Response Center in a blog post filed late on Friday.
Microsoft says the group was “initially targeting email accounts” for information about themselves, but it’s not clear what other emails and documents have been stolen in the process. Microsoft only discovered the attack last week on January 12th, and the company hasn’t disclosed how long the attackers were able to access its systems.
“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” says Microsoft.
The attack took place just days after Microsoft announced its plan to overhaul its software security following major Azure cloud attacks. While Microsoft customers don’t appear to have been impacted in this new incident and this wasn’t the result of a Microsoft vulnerability, this is still the latest in a line of cybersecurity incidents for Microsoft. It found itself at the center of the SolarWinds attack nearly three years ago, then 30,000 organizations’ email servers were hacked in 2021 due to a Microsoft Exchange Server flaw, and Chinese hackers breached US government emails through a Microsoft cloud exploit last year.
Microsoft is now changing the way it designs, builds, tests, and operates its software and services. It’s the biggest change to its security approach since the company announced its Security Development Lifecycle (SDL) in 2004 after huge Windows XP flaws knocked PCs offline.