Russian Hackers Access Microsoft Executives’ Emails in Recent Cyberattack

Microsoft has revealed that Nobelium, a Russian intelligence group also responsible for the SolarWinds breach in 2020, accessed the email accounts of some of its senior executives. This cyberattack, detected last week, marks another intrusion by Russian hackers into Microsoft’s systems. The company emphasized that the breach did not materially affect its operations but chose to disclose the incident in line with new U.S. cybersecurity incident disclosure requirements.

Amid the ongoing Russia-Ukraine conflict, such state-sponsored cyberattacks are increasingly seen as significant risks, particularly in disseminating sensitive information. Microsoft, in its announcement, underscored its commitment to transparency, aligning with the new U.S. rules on cybersecurity incident reporting.

The Cybersecurity and Infrastructure Security Agency (CISA) is actively working with Microsoft to understand the impact of this incident and safeguard other potential victims. Notably, the breach involved a legacy non-production test tenant account, leading to the unauthorized access of a small percentage of corporate email accounts. These accounts included members of Microsoft’s senior leadership team and employees in cybersecurity, legal, and other functions, with some emails and documents being exfiltrated.

While Microsoft’s senior leadership, including CFO Amy Hood, President Brad Smith, and CEO Satya Nadella, are part of the affected group, the company has found no evidence of Nobelium accessing customer data, production systems, or proprietary source code. Nobelium, also known as APT29 or Cozy Bear and sometimes referred to by Microsoft as Midnight Blizzard, has a history of sophisticated cyberattacks against U.S. allies, the Department of Defense, and was involved in the 2016 Democratic National Committee breach.

This incident follows a previous breach by China-aligned hackers exploiting a Microsoft software vulnerability, which led to significant criticism of the company’s cybersecurity practices. Microsoft is continuing its investigation into the latest breach and is working with law enforcement and regulatory authorities.

The FBI is also aware of the situation and is collaborating with federal partners in response to the attack.