Microsoft, led by Satya Nadella, reveals that a group linked to Russia has hacked employee emails.
Microsoft Corp., led by Satya Nadella, has reported that a hacking group with ties to Russia has targeted their corporate systems, gaining unauthorized access to a limited number of email accounts. These compromised accounts include those belonging to senior executives, as well as employees specializing in cybersecurity and legal matters.
The company said it is working immediately to fix older systems that are likely to cause disruptions.
The hacking group does not appear to have used customer systems or Microsoft servers running externally facing products, the software giant said in a blog post on Friday. Microsoft also has no evidence that the group, dubbed Midnight Blizzard, accessed the source code or AI systems.
“We are taking immediate action to apply our current security standards to legacy Microsoft-owned systems and internal business processes, even if the changes could cause disruption to existing business processes,” the company said. “This is likely to cause some degree of disruption.”
The group Microsoft holds responsible, also known as “Nobelium,” is a sophisticated nation-state hacking group tied to Russia by the U.S. government. The same group previously breached U.S. federal contractor SolarWinds Corp. as part of a massive cyber espionage effort against U.S. federal agencies.
The company said that starting in November, hackers used a “password flurry” to infiltrate its systems. This technique, sometimes known as a “brute force attack,” typically involves outsiders rapidly attempting multiple passwords with specific usernames in an attempt to break into targeted corporate accounts.
In this case, the attackers took not only the accounts used, but also the e-mails and attached documents. Microsoft said it discovered the hack on Jan. 12, adding that the company continues to notify employees whose emails have been accessed.
Eric Goldstein, deputy director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, said government officials are “coordinating closely with Microsoft to learn more about this incident and understand its impact so we can help protect other potential victims.”
Microsoft technology has often been the target of major hacking campaigns.
The U.S. Cybersecurity Review Board, which reports to the U.S. Department of Homeland Security, estimates as early as 2023 a breach of Microsoft Exchange Online, which the company blames on China-related hackers. This breach allowed the hacking of the email accounts of high-ranking US officials and has sparked growing concerns about the security of cloud computing. Microsoft said in September that it found five different bugs in its systems that have been “fixed.”
In an interview with Bloomberg in 2023 after that breach, Jen Easterly, head of the agency that administers the board, suggested that Microsoft should “rebuild the ethos” of what Microsoft founder Bill Gates called “trusted computing” in 2002, when he urged employees to focus on security rather than adding new features.
“I’m absolutely positive that they need to focus on making sure their products are secure by default and by design, and we’re going to continue to work with them to encourage them to do that,” Easterly said of Microsoft.
In November, Microsoft announced that it was reviewing the security of its software and systems after several high-profile hacks. Now the company said it needs to speed up changes, especially to older systems and products.
“For Microsoft, this case has highlighted the urgent need to move even faster,” the company said Friday.
Also read these top stories of today:
The risk of artificial intelligence in healthcare! “As LMMs become more widely used in health care and medicine, errors, misuse and ultimately harm to individuals are inevitable,” the WHO warned. Also know some benefits. Check them out now. If you enjoyed reading this article, please share it with your friends and family.
No ChatGPT Bang for Bing Buck! When Microsoft announced it was adding ChatGPT to its Bing search engine, emerging analysts hailed the move as an “iPhone moment.” But that doesn’t seem to have happened. You know what happened here.
People Trump AI! Sam Altman, CEO of OpenAi, says that people are smart enough to figure out what to use ChatGPT for and what not. “People have found ways to make ChatGPT very useful for them and figured out what not to use it for,” says Sam Altman. Read all about it here. If you enjoyed reading this article, please share it with your friends and family.
