Microsoft has claimed that a Russian state-sponsored group hacked into its corporate systems on January 12 and accessed the accounts of employees of the company’s leadership team as well as its cybersecurity and legal teams. .

Microsoft Chairman and Chief Executive Officer Satya Nadella.

MicrosoftIn a blog post, it said the hacking began in late November and was discovered on January 12.

3.6 crore Indians visited in a single day and chose us as India’s undisputed platform for general election results. Discover the latest updates. Here!

The US multinational technology corporation, best known for its software products, said a “very small percentage” of Microsoft corporate accounts were accessed, and some emails and attached documents were stolen.

The Russian group was able to access Microsoft corporate email accounts, including those of members of its senior leadership team and employees in cybersecurity, legal and other functions, the company added.

Microsoft’s threat research team, which routinely investigates nation-state hackers, blamed Russia’s ‘Midnight Blizzard’ for the hack.

Microsoft also said that its investigation into the breach showed that the hackers were initially targeting the software company to learn what the company knew about their operations.

Also read: Meta is in the AI ​​race against rivals Google, Microsoft. are working to create ‘human-level’ AI soon.

The company added that hackers used a “password spray attack” starting in November 2023 to breach the Microsoft platform. Hackers use the technique to infiltrate company systems by using the same compromised password against multiple related accounts, Microsoft said.

Reuters news agency reported that the Russian Embassy in Washington and the Foreign Ministry did not immediately respond to a request for comment.

“This attack highlights the continuing threat to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” Reuters quoted Microsoft as saying. The company added that the attack was not the result of any specific vulnerability in its products or services.

“To date, there is no evidence that the threat actor had any access to the customer’s environment, production systems, source code, or AI systems,” the company said in a blog post.

What is a midnight blizzard?

Midnight Blizzard, also known by cybersecurity researchers as APT29, Nobelium or Cozy Bear, is linked to Russia’s SVR spy agency, US officials said. The group is best known for infiltrating the Democratic National Committee around the 2016 US election.

Microsoft products are widely used by the US government. The company faced criticism for its security practices last year after Chinese hackers stole the emails of top US State Department officials.

Before revamping its threat actor name last year, Microsoft called the group Nubelium. Cybersecurity firm Mandant, which is owned by Google, calls the group Cozy Bear.

In a 2021 blog post, Microsoft called the SolarWinds hacking campaign “the most sophisticated nation-state attack in history”. In addition to US government agencies, including the Justice and Treasury departments, more than 100 private companies and think tanks were compromised, the AP news agency reported, including software and telecommunications providers.

(With input from Reuters, Apk)

Get ready with the World Cup. Cricket From live scores to match stats, catch all the action here. Discover now!
Get current updates on World news, US News , Hollywood News , anime And top headlines from around the world.



Source link