Hackers linked to Russian intelligence services managed to hack emails from senior Microsoft executives, according to a court document filed by the American IT giant.
According to Microsoft, the perpetrator of the cyberattack is “Midnight Blizzard”. This group operates in conjunction with Russia’s foreign intelligence services, according to Washington and London.
“This actor is known to primarily target states, diplomatic entities, non-governmental organizations, and IT service providers in the United States and Europe,” Microsoft said in a blog post last August, about a previous cyber attack.
“They seek to collect intelligence by spying on foreign interests over the long term.”
The activities of “Midnight Blizzard,” also known as “Nobelium,” have been traced back to early 2018, according to Microsoft.
The company’s security team detected the latest attack on January 12, triggering defenses that blocked the hackers’ further access.
The attack began last November when hackers tried passwords on a series of accounts, successfully gaining access to an old test account, Microsoft said in the court document.
The hackers then used this “holding point” to access certain Microsoft employee accounts, including those of executives and members of the security team, and retrieve emails and attachments.
“The investigation indicates that the hackers first targeted email accounts for information related to Midnight Blizzard itself,” Microsoft said.
According to the company, there is no evidence that the hackers accessed customer accounts, production systems, source code or artificial intelligence software at Microsoft.
“Given the reality of well-resourced and state-funded malicious actors, we are seeking a new balance between security and business risks,” Microsoft said.
“We will act immediately to apply our current security standards to legacy systems and internal business processes owned by Microsoft, even if these changes risk disrupting existing business processes.”