An elite hacking group sponsored by Russian intelligence gained access to the emails of some of Microsoft’s senior executives beginning in late November, the company disclosed in a blog post and regulatory filing on Friday.
Microsoft said it had discovered the intrusion a week ago and was still investigating. The hackers appeared to focus on combing through Microsoft’s corporate email accounts to look for information related to the hacking group, which Microsoft’s researchers called Midnight Blizzard.
The hackers looked through emails from Microsoft’s senior leadership team as well as employees in cybersecurity, legal and other groups, and took some emails and attachments, the company said. The company, which had worked with cybersecurity firms and governments to investigate previous attacks by the hacking group, did not name the executives whose emails were targeted.
The Russian Foreign Intelligence Service has run the hacking group since at least 2008, according to the U.S. Cybersecurity and Infrastructure Security Agency. The group is known by a variety of nicknames, including Cozy Bear, the Dukes and A.P.T. 29, and has been behind a number of high-profile hacks, according to previous U.S. government investigations.
Targets have included the computers of the Democratic National Committee in 2015 and the tech supplier SolarWinds, which allowed Russia to gain access to systems at the State Department, the Department of Homeland Security and parts of the Pentagon in 2020. Microsoft called that incident “the most sophisticated nation-state cyberattack in history.”
The method used in the new hack appears to be less exotic — a relatively basic tactic known as password spraying, in which hackers try common passwords on a vast array of accounts. The group, which has been known to use this tactic, found an opening in an old account for a testing system, and then used that account’s permissions to gain access to the corporate email accounts, Microsoft said.
“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code or A.I. systems,” Microsoft said in a statement.
The regulatory filing said the company had notified and was working with law enforcement.
Microsoft, which supplies technology to many Western governments, has long been the target of nation-state hacking. Last year, Chinese hackers breached Microsoft’s systems and gained access to the email accounts of Commerce Secretary Gina M. Raimondo and other government officials.