Today, Microsoft announced that it has discovered a nation-state attack on its corporate systems. The hackers belong to the same Russian government-backed group that carried out the sophisticated SolarWinds attack. Microsoft says the group, known as Nobelium, was able to get into the email accounts of some of its senior leaders at the end of last year.
Russian SolarWinds hackers got into :
Starting in late November 2023, the threat actor used a password spray attack to get into a legacy non-production test tenant account and get a foothold. They then used the account’s permissions to get into a very small number of Microsoft corporate email accounts, including those of our senior leadership team and employees in cybersecurity, legal, and other departments, and stole some emails and attached files.
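As an added illustration (not Microsoft's code or data), the following Python sketches how a defender could spot the password-spray pattern described above in sign-in logs: many distinct accounts failing from one source with only a few attempts each, followed by a success from that same source. The log format, account names and IP addresses are constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data): timestamp, account, source IP, result.
# 203.0.113.10 tries a few passwords across many accounts (spray pattern) and
# then succeeds on a legacy test account; 198.51.100.7 hammers one account
# repeatedly (brute force), which is a different pattern and is not flagged here.
SAMPLE_LOG = """\
2023-11-28T02:00:01Z alice@contoso.example 203.0.113.10 FAILURE
2023-11-28T02:00:04Z bob@contoso.example 203.0.113.10 FAILURE
2023-11-28T02:00:09Z carol@contoso.example 203.0.113.10 FAILURE
2023-11-28T02:00:15Z dave@contoso.example 203.0.113.10 FAILURE
2023-11-28T02:00:21Z erin@contoso.example 203.0.113.10 FAILURE
2023-11-28T02:00:27Z test-legacy@contoso.example 203.0.113.10 SUCCESS
2023-11-28T02:00:30Z frank@contoso.example 198.51.100.7 FAILURE
2023-11-28T02:00:31Z frank@contoso.example 198.51.100.7 FAILURE
2023-11-28T02:00:32Z frank@contoso.example 198.51.100.7 FAILURE
2023-11-28T02:00:33Z frank@contoso.example 198.51.100.7 FAILURE
2023-11-28T02:00:34Z frank@contoso.example 198.51.100.7 FAILURE
2023-11-28T02:00:35Z frank@contoso.example 198.51.100.7 FAILURE
"""

def parse_events(text):
    """Parse whitespace-separated lines into sorted (time, account, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, ip, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {ip: (distinct_failed_accounts, accounts_with_success)} for sources whose
    failures within one window touch >= min_accounts accounts, few tries each."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[2]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e[3] == "FAILURE"]
        start = 0
        for end in range(len(failures)):          # sliding time window over failures
            while failures[end][0] - failures[start][0] > window:
                start += 1
            counts = Counter(e[1] for e in failures[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                # A success from a spraying source is the foothold worth escalating.
                successes = [e[1] for e in evs if e[3] == "SUCCESS"]
                findings[ip] = (len(counts), successes)
                break
    return findings
```

A real deployment would read tenant sign-in logs and tune the window and thresholds to the tenant's normal failure rate; the point is that per-account lockout thresholds never trip on a spray, so detection has to pivot on the source.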
The group was “initially targeting email accounts” to get information about itself, but Microsoft doesn’t say what other emails and documents were stolen. Microsoft didn’t detect the attack until last week, on January 12th, and the company hasn’t said how long the hackers had access to its systems.
Microsoft also states: “The attack wasn’t caused by a flaw in any Microsoft services or products.” “As of now, there is no proof that the threat actor had access to production systems, customer environments, source code, or AI systems.”
The attack came only a few days after Microsoft said it would change how its software is protected, following major attacks on its Azure cloud. Microsoft customers don’t appear to have been affected by this latest incident, and it wasn’t caused by a Microsoft vulnerability. However, it is the latest in a string of security problems for the company: it found itself at the heart of the SolarWinds attack nearly three years ago, 30,000 organizations’ email servers were compromised in 2021 through a Microsoft Exchange Server flaw, and Chinese hackers breached US government emails via a Microsoft cloud exploit last year.
Microsoft is now changing the way it designs, builds, tests, and runs its software and services. It’s the biggest change to its security method since the company announced its Security Development Lifecycle (SDL) in 2004 after huge Windows XP flaws knocked PCs offline.