Microsoft Security Alert: Russian Group Views More Emails

Microsoft alerts other clients of the Russian hackers’ infiltration of their system after revealing the email compromise of senior leaders in January.

Takeaway Points:

  • Microsoft disclosed that Russian state-sponsored hackers, Midnight Blizzard, had obtained emails belonging to other clients, including government agencies.
  • The incident is one of several security lapses that led to Microsoft’s extensive security reorganisation and investigation by US federal agencies.
  • The 2021 SolarWinds attack was connected to Midnight Blizzard, which continues to represent a serious cybersecurity risk to the public and private sectors.

Microsoft Reports Email Vulnerability

Microsoft Corp. has informed additional customers that their emails were accessed by a Russian state-sponsored hacking group, according to a company spokesperson. This follows the company’s January disclosure that hackers had stolen emails from senior leaders and used them to break into customers’ communications, including those of government agencies. The attack has been attributed to a group that US and UK authorities have linked to the Russian Foreign Intelligence Service.

The hackers, identified by Microsoft as Midnight Blizzard, accessed messages exchanged between Microsoft executives and other companies and organizations. Microsoft is now notifying affected customers, some of whom had previously been informed, while others are being notified for the first time as the company continues to assess the damage. The company has not disclosed which customers are receiving these notifications.

Security Breach and Government Reaction

The breach is part of a series of high-profile security failures for Microsoft, which is currently undergoing its most significant security overhaul in decades. Earlier this month, Microsoft President Brad Smith appeared before the House Committee on Homeland Security, taking full responsibility for the company’s security lapses.

“We are committed to learning from this incident and improving our security measures,” Smith stated.

The full extent of the Midnight Blizzard attack remains unclear. In April, US federal agencies were directed to analyze emails, reset compromised credentials, and secure Microsoft cloud accounts due to concerns that the hackers may have accessed sensitive correspondence.

The US Cybersecurity and Infrastructure Security Agency (CISA) described the hack as a “grave and unacceptable risk” to government agencies. Representatives for CISA did not immediately respond to requests for comment on Microsoft’s new notifications.

Previous Cyberattacks

Midnight Blizzard, also known as APT29 and Cozy Bear, is the same group responsible for the 2021 cyberattack on SolarWinds Corp. In that attack, malicious code was inserted into a software update, allowing the intruders to gain further access to customers. Approximately 100 companies and nine federal agencies were targeted in the SolarWinds attack.

The recent breach has drawn strong condemnation from the US government, highlighting the ongoing challenges in cybersecurity. The attack underscores the vulnerabilities in even the most robust systems and the persistent threat posed by state-sponsored hacking groups.

Meanwhile, Microsoft announced in late March a new capability that will be available in its Azure AI Studio and Azure OpenAI Service, which are used to build custom Copilots and generative AI applications. The feature, called Prompt Shields, is intended to protect AI chatbots from two distinct kinds of threats.

The company is ramping up its Azure AI services to prevent people from tricking chatbots into performing unintended and illegal tasks.
