Microsoft said in a Friday regulatory filing that a Russian intelligence group accessed some of the software maker’s top executives’ email accounts.

Nobelium, the same group that breached government supplier SolarWinds in 2020, carried out the attack, which Microsoft detected last week, according to the company.

It isn’t the first time Russian hackers have gained entry into Microsoft’s systems.

State-sponsored attacks that can result in the dissemination of sensitive data become a greater risk during periods of armed conflict, and Russia’s war against Ukraine has been going on for almost two years now. On Thursday, Russia said Ukrainian forces conducted drone strikes in multiple Russian locations.

Microsoft’s announcement comes after new U.S. requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company does not believe the attack had a material effect, it still wanted to honor the spirit of the rules.

The Cybersecurity and Infrastructure Security Agency is “closely coordinating with Microsoft to gain additional insights into this incident and understand impacts so we can help protect other potential victims,” CISA executive assistant director for cybersecurity Eric Goldstein said in a statement to CNBC. “As noted in Microsoft’s announcement, at this time we are not aware of impacts to Microsoft customer environments or products.”

In late November, the group accessed “a legacy non-production test tenant account,” Microsoft’s Security Response Center wrote in the blog post. After gaining access, the group “then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the corporate unit wrote.

The company’s senior leadership team, including Chief Financial Officer Amy Hood and President Brad Smith, regularly meets with CEO Satya Nadella.

Microsoft said it has not found signs that Nobelium had accessed customer data, production systems or proprietary source code.

The U.S. government and Microsoft consider Nobelium to be part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in U.S. history when it added malicious code to updates to SolarWinds’ Orion software, which some U.S. government agencies were using. Microsoft itself was ensnared in the hack.

Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that has attempted to breach the systems of U.S. allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to identify Nobelium. It was also implicated alongside another Russian hacking group in the 2016 breach of the Democratic National Committee’s systems.

Last year, a vulnerability in Microsoft software allowed China-aligned hackers to access the email accounts of senior government officials, including Commerce Secretary Gina Raimondo, ahead of a critical U.S.-China meeting. The company’s “negligent cybersecurity practices” led to the attack, Sen. Ron Wyden, a Democrat from Oregon, wrote in a letter to CISA director Jen Easterly and other federal officials.

“We are continuing our investigation and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators,” the Microsoft blog post said.

The Federal Bureau of Investigation told CNBC that it knows about the attack and is working with federal partners to help.