Microsoft on Friday accused a Russian-linked hacking group of a cyberattack on its corporate systems. The tech giant said that during the attack, the group named Midnight Blizzard, gained access to a small number of email accounts, including those of senior leadership and employees who work in cybersecurity and legal. In response, Microsoft has said that it will apply current security standards to Microsoft-owned legacy systems and internal business processes despite it being likely to cause disruption to existing business processes.
As per the blog post of Microsoft, based on preliminary investigation, it concluded that the group was targeting email accounts for information related to Midnight Blizzard itself. The post read, "The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required. This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard."
The company said that the attack started back in November with the hackers using a 'password spray' attack to infiltrate the systems. Password spray technique typically involves outsiders quickly trying a number of passwords on specific user names in order to breach targeted corporate accounts.
Towards the end, the post read, “We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes. This will likely cause some level of disruption.”
Midnight Blizzard's Ties With Russia
Midnight Blizzard, also known as 'Nobelium', is a sophisticated nation-state hacking group which the US government has associated with Russia. Earlier, the same group has breached SolarWinds, a US federal contractor, as part of a massive cyber-espionage effort against US federal agencies.
In this case, in addition to the accessed accounts, the attackers also took emails and attached documents.