In a disclosure on Friday, Microsoft revealed that the company had been hit by a cyberattack orchestrated by the hacking group known as Midnight Blizzard, also recognized as APT29 or Cozy Bear. This group, presumably linked to the Russian government, targeted corporate email accounts, specifically focusing on the company’s senior leadership team and employees in cybersecurity, legal, and other departments.
Interestingly, the goal of the attack was not the usual theft of customer data or conventional corporate information. Instead, the hackers were interested in Microsoft’s knowledge about them, as stated by the company itself.
The investigation showed that the hackers initiated their attack by focusing on email accounts associated with information concerning Midnight Blizzard. Microsoft explained in a blog post and SEC disclosure that the attackers used a so-called “password spray attack,” basically using brute force against user accounts. Additionally, they used the permissions of those compromised accounts to gain access to a limited number of Microsoft corporate email accounts.
Although Microsoft hasn’t mentioned the exact number of breached email accounts or specified the information accessed or stolen by the hackers, the company wanted to show its commitment to improving its security measures in response to the incident.
The company acknowledged the urgency of moving fast and expressed its intention to immediately apply enhanced security standards to Microsoft-owned legacy systems and internal business processes. Despite potential disruptions to existing business processes during this adjustment period, Microsoft confirmed that these changes are necessary.
The hacking group APT29, also known as Cozy Bear, appears to be connected to the Russian government and has been involved in various high-profile cyberattacks. Previous targets include SolarWinds in 2019 and the Democratic National Committee in 2015.