Russian Hackers Target Microsoft in Search of Information

Microsoft revealed Friday that the Russian government-sponsored hacking group Midnight Blizzard (APT29 or Cozy Bear) targeted the company’s corporate email accounts. 

Surprisingly, the hackers weren’t after traditional corporate or customer data; they sought information about themselves, specifically what Microsoft knew about the hacking group.

Targeting Microsoft’s Senior Leadership:

The cyber attack included compromised email accounts belonging to Microsoft’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” 

The hackers utilized a “password spray attack,” a form of brute force, to gain unauthorized access to a legacy account. From there, they leveraged the account’s permissions to infiltrate a limited number of Microsoft corporate email accounts.

Focus on Midnight Blizzard Information:

Microsoft’s investigation suggests that the hackers initially targeted email accounts to gather information about Midnight Blizzard. 

The motive behind this unique approach remains undisclosed, and Microsoft has not specified the extent of the accessed or stolen information.

While Microsoft did not disclose the number of breached email accounts, the company seized the opportunity to discuss its commitment to enhancing security measures. 

Microsoft emphasized the need for urgent action and pledged to apply current security standards to legacy systems and internal processes, even if disruptions occur. This incident underscores the company’s determination to adapt quickly to evolving cybersecurity threats.

APT29 (Cozy Bear) Background:

APT29, or Cozy Bear, is widely recognized as a Russian hacking group responsible for high-profile cyber attacks. Previous targets include SolarWinds in 2019 and the Democratic National Committee in 2015. 

Microsoft’s disclosure sheds light on the persistent threat that state-sponsored hacking groups pose and their evolving tactics.