Breach Notification, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Microsoft Is Warning More Customers About Russian State Hack

Company Is Sending Email Alerts to Customers Whose Data Was Accessed by Hackers

Microsoft is alerting more of its customers whose data may have been accessed by Russian state hackers following a January attack that compromised the email accounts of company executives.


A number of Office 365 administrators said on Reddit earlier this week that emails from the Microsoft support team had informed them that their emails had been accessed by the Russian hacking group Midnight Blizzard.

Microsoft also shared a link to a custom-built secure system and asked the email recipients to use their Tenant ID to access the portal and review the customer data accessed by the hackers.

"This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that the Midnight Blizzard threat actor exfiltrated, and we are providing the customers the email correspondence that was accessed by this actor," a company spokesperson told Bloomberg.

The data leak stems from a breach, disclosed in January, that the company attributed to Russian foreign intelligence service hackers. The threat actors exfiltrated email and documents from the email accounts of Microsoft's senior leadership and of employees in its cybersecurity and legal departments (see: Microsoft: Russian Hackers Had Access to Executives' Emails).

The Russian hacking group is also known as APT29 or Cozy Bear. The Biden administration identified it as part of the Russian Foreign Intelligence Service in 2021 when it blamed the group for inserting a backdoor into IT infrastructure software developed by SolarWinds.

The latest disclosure from the company comes amid mounting criticism of Microsoft over high-profile security failures. During a recent U.S. congressional hearing, Microsoft President Brad Smith acknowledged responsibility for a series of security failures that allowed Russian and Chinese state-sponsored actors to target the company and government institutions across the world (see: Microsoft President Admits to Major Security Failures).

The U.S. Cybersecurity and Infrastructure Security Agency earlier this month invoked emergency powers to direct federal agencies to reset credentials and review account logs for potentially malicious activity in Microsoft environments (see: CISA Warns Russian Microsoft Hackers Targeted Federal Emails).


About the Author

Akshaya Asokan


Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



