Microsoft says Russian group infiltrated some employees’ email accounts

Unlock the Editor’s Digest for free

Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.

Microsoft said on Friday that email accounts belonging to members of its senior leaders were infiltrated by a notorious Russian hacking group that had access to the systems for weeks before being identified.

Midnight Blizzard, the Russian state-sponsored group also known as Nobelium, gained access to a “very small percentage” of Microsoft employee email accounts in November, including some of its senior leaders, according to a Microsoft blog post on Friday.

The attack was detected on January 12, and Midnight Blizzard lost access to the accounts “on or about January 13”, Microsoft said. It said the attack was “not the result of a vulnerability in Microsoft products or services”.

Microsoft said the attacks underlined the risks posed by groups such as Midnight Blizzard, which was responsible for a high-profile spree of cyber attacks in 2020 that hijacked software from the software group SolarWinds in order to breach the US Treasury and Commerce departments, as well as the Pentagon and several Fortune 500 companies. The US later said the group was linked to Russia’s foreign intelligence service.

In August, Microsoft warned users that the same group was conducting phishing attempts that were sent as Microsoft Teams chats.

In the latest attack, the hacking group had initially targeted “email accounts for information related to Midnight Blizzard itself”, Microsoft said. The hackers used a so-called password spray attack — which involves trying common passwords to log into numerous different accounts — to break into a “legacy” account, and then used that account to access the others.

Microsoft said it was still analysing the impact of the attack and what information the group had obtained, and that it was working with law enforcement. There was no initial evidence that Midnight Blizzard had gained access to customer accounts or artificial intelligence systems, the company added.

“Given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk — the traditional sort of calculus is simply no longer sufficient,” the company said. “For Microsoft, this incident has highlighted the urgent need to move even faster.”