In a blog post, Microsoft said the intrusion began in late November and was discovered on
“A very small percentage” of Microsoft corporate accounts were accessed, the company said, and some emails and attached documents were stolen.
A company spokesperson said Microsoft had no immediate comment on which or how many members of its senior leadership had their email accounts breached. In a regulatory filing Friday, Microsoft said it was able to remove the hackers' access from the compromised accounts on or about
“We are in the process of notifying employees whose email was accessed,” Microsoft said, adding that its investigation indicates the hackers were initially targeting email accounts for information related to their activities.
The Microsoft disclosure comes a month after a new
In Friday's
Microsoft, which is based in
The threat actor uses a single common password to try to log into multiple accounts. In an August blog post, Microsoft described how its threat-intelligence team discovered that the same Russian hacking team had used the technique to try to steal credentials from at least 40 different global organizations through Microsoft Teams chats.
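Trying one common password against many accounts is commonly called password spraying, and in sign-in logs it appears as failures spread thinly across many accounts from one source rather than many failures on one account. The Python sketch below is an added example, not from the article or from Microsoft; the event format, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (time, source address, account, success).
EVENTS = [
    ("2024-01-10T09:00:00", "203.0.113.7", "alice", False),
    ("2024-01-10T09:02:00", "203.0.113.7", "bob", False),
    ("2024-01-10T09:04:00", "203.0.113.7", "carol", False),
    ("2024-01-10T09:06:00", "203.0.113.7", "dave", False),
    ("2024-01-10T09:08:00", "203.0.113.7", "erin", False),
    ("2024-01-10T09:10:00", "203.0.113.7", "svc-test", True),
    # Ordinary user: one typo, then a successful sign-in.
    ("2024-01-10T09:01:00", "192.0.2.15", "bob", False),
    ("2024-01-10T09:01:30", "192.0.2.15", "bob", True),
]
# Constructed contrast case: repeated guesses against a single account.
EVENTS += [(f"2024-01-10T09:{m}:00", "198.51.100.20", "alice", False)
           for m in range(20, 28)]


def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Flag sources whose failures hit many accounts, few tries each."""
    by_source = defaultdict(list)
    for ts, src, acct, ok in events:
        by_source[src].append((datetime.fromisoformat(ts), acct, ok))
    found = defaultdict(lambda: {"accounts": set(), "successes": set()})
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            fails = defaultdict(int)
            for _, acct, ok in span:
                if not ok:
                    fails[acct] += 1
            # Breadth over depth: many accounts, at most a couple of tries each.
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                found[src]["accounts"].update(fails)
                # A success inside a spray window is a likely compromised account.
                found[src]["successes"].update(a for _, a, ok in span if ok)
    return {s: {k: sorted(v) for k, v in f.items()} for s, f in found.items()}


if __name__ == "__main__":
    for source, info in detect_spray(EVENTS).items():
        print(source, info)
```

Per-account lockout counters miss this pattern because no single account sees enough failures, which is why the check groups by source and counts distinct accounts.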
“The attack was not the result of a vulnerability in Microsoft products or services,” the company said in the blog. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.”
Microsoft calls the hacking unit Midnight Blizzard. Prior to revamping its threat-actor nomenclature last year, it called the group Nobelium. The cybersecurity firm
In a 2021 blog post, Microsoft called the
The main focus of the SVR is intelligence-gathering. It primarily targets governments, diplomats, think tanks and IT service providers in the
Copyright 2024 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.