Microsoft revealed that some of it’s corporate email accounts were compromised by a Russian state-sponsored hacking group, resulting in some data being stolen.
While the company didn’t mention what type of data was stolen, it said the accounts were breached using a password spray attack, and not because of any vulnerability in their infrastructure. Microsoft is now in the process of informing the affected employees.
Hacking Microsoft Email Accounts
Microsoft on Friday night revealed that a Russian state-sponsored hacking group called Midnight Blizzard had breached some of it’s corporate email accounts and stole data.
While it didn’t reveal what type of data was stolen, the company said the threat actors breached their systems in November 2023, and they detected the attack on January 12th. Upon investigation, Microsoft said the hackers used a password spray technique to access a legacy non-production test tenant account.
To those of you who don’t know, password spraying is a type of brute force attack where the perpetrators attempt to log in to a target account with a set of potential credentials. Once they fail with one combination, they repeat the process with another set until they succeed or run out of the list.
Anyhow, Microsoft said it’s in the process of informing the affected employees, including some from it’s leadership team, cybersecurity and legal departments. Furthermore, the company told the perpetrators “were initially targeting email accounts for information related to Midnight Blizzard itself”.
Reiterating that the breach was not caused due to a vulnerability in their products, Microsoft recorded no material impact on it’s operations, due to this incident.
Other Trending News:- News