Russian-sponsored group that hacked Microsoft executives’ emails, warns the tech giant

Microsoft Corp. has initiated the process of alerting organizations that they have been targeted by the same Russian-sponsored group responsible for hacking into its executives’ emails in the previous year.

Microsoft’s Threat Intelligence team has identified the hackers — a group known as Midnight Blizzard or Cozy Bear — as the same actor that “has targeted other organizations,” according to a blog post from the software maker on Thursday. “As part of our standard notification processes, we have begun to notify these target organizations.”

The revelation is the latest sign that the group’s recent activities have spread beyond Microsoft. On Wednesday, Hewlett Packard Enterprise Co. reported a breach of a cloud-based email system that it said likely caused the Midnight Blizzard.

Last week, Microsoft revealed that the group compromised an “old non-production test tenant account” and used it as a foothold to gain access to a “small number” of email accounts, including those of senior management and employees working on cybersecurity and legal affairs. Microsoft said the hackers initially targeted the emails at Midnight Blizzard. A subsequent investigation found that the original email account did not have multi-factor authentication, a common security measure, Microsoft said.

On December 12, information technology supplier HPE said it was notified that its email systems had been breached by a nation-state hacking group. Researchers believe hackers accessed and penetrated data starting in May using a small portion of HPE mailboxes belonging to employees in cybersecurity and other fields.

The US government has linked a hacking group, also known as Nobelium, to Russia. The same group previously targeted SolarWinds Corp. in a massive cyber espionage campaign against multiple federal agencies.

More stories like this are available at bloomberg.com

©2024 Bloomberg L.P.