emails of Microsoft executives hacked by hackers linked to the Russian state

Senior Microsoft executives had their emails hacked. The company’s security team detected the latest attack on January 12, triggering defenses that blocked the hackers’ further access. But they began last November, when the hackers tried a password on a series of accounts and thus managed to access an old test account, Microsoft explained in a court document. The hackers then used this “fulcrum” to access certain Microsoft employee accounts, including those of executives and members of the security team, and retrieved emails and attachments.

Those responsible for this cyberattack are hackers linked to the Russian intelligence service. This is what the court document filed by the American IT giant indicates. More precisely, the author of the cyberattack is “Midnight Blizzard”, according to Microsoft, a group which acts in connection with Russia’s foreign intelligence services, according to Washington and London.

“The investigation indicates that the hackers first targeted the email accounts for information relating to Midnight Blizzard itself”in fact, indicated Microsoft.

Target States, diplomatic entities, NGOs and IT service providers

In an August blog post discussing an earlier cyberattack, the group explained that “ this actor is known to mainly target States, diplomatic entities, non-governmental organizations and IT service providers, in the United States and Europe. » “They seek to collect intelligence by spying on foreign interests over the long term”, he added. The activities of “Midnight Blizzard,” also known as “Nobelium,” have been traced back to early 2018, according to Microsoft.

“We should expect fully automated cyberattacks using generative AI” (Mikko Hyppönen)

However, the company believes that there is no evidence that the hackers accessed customer accounts, production systems, source code or artificial intelligence software at Microsoft. “Given the reality of well-resourced and state-funded bad actors, we are seeking a new balance between security and business risks.”, underlined Microsoft. And to add: “We will act immediately to apply our current security standards to legacy systems and internal business processes owned by Microsoft, even if these changes risk disrupting existing business processes”.

Previous attacks

This is not the first time that Microsoft has been the victim of such an attack. In July 2023, the company and the Cybersecurity and Infrastructure Security Agency (CISA) reported a successful cyberattack that affected several customers of Microsoft Exchange Online and Outlook email services. However, this hack had, in particular, affected high-ranking members of the government including the American ambassador to China, Nicholas Burns, as well as Gina Raimondo, the secretary of commerce, and a member of the State Department whose name had not been not been revealed. The attack was then attributed to an unidentified Chinese group, called Storm-0558, although a Chinese official denied any responsibility of his country in the attack.

Hacking of Microsoft by Chinese hackers: what happened?

In September 2022, researchers from the GSTC company warned of the presence of two new so-called “zero day” vulnerabilities, that is to say without a patch, exploited by hackers to spy on emails relayed by Microsoft Exchange. Revelations echoing those of Microsoft itself, in March 2021, regarding Chinese hackers who had exploited flaws in its Exchange software, quickly named Proxylogon, to steal data from several of its customers.

Following this incident, the company had however implemented a new security tool, called Microsoft Exchange Emergency Mitigation Service (EM), deployed by default on Microsoft Exchange instances which had carried out the last update. This device allows the publisher to make automatic modifications to its customers’ systems, in the event of an emergency similar to Proxylogon. A radical measure which also constituted a first in the software industry.

(With AFP)