The hackers are the same ones responsible for the SolarWinds cyberattack.
A hacker organization that is connected to a Russian intelligence agency gained access to the emails of a number of top executives and other staff at Microsoft, according to a disclosure made by the firm on Friday.
A hacking organization known as Midnight Blizzard or Nobelium is responsible for the attack, according to Microsoft, which stated that it discovered the incident on January 12 and has investigated the matter. This is the same organization that was responsible for the hack on SolarWinds in 2020. Nobelium is a component of Russia’s Foreign Intelligence Service (SVR), according to officials from Microsoft and the United States Department of Homeland Security.
The company wrote in a blog post that “beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold.” After that, the threat actor used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, which included members of its senior leadership team as well as employees working in its cybersecurity, legal, and other functions. Additionally, the threat actor exfiltrated some emails and documents that were attached to those emails.
However, the firm stated that its first assessment indicated that the group was looking for material related to the group itself. The corporation did not disclose which members of its “senior leadership” were targeted or why they were targeted. The company’s administrators have not yet found any evidence that “customer environments, production systems, source code, or AI systems” were accessed.
Although the corporation has stated that the attack “was not the result of a vulnerability in Microsoft products or services,” it has taken measures to “immediately” improve the security of “Microsoft-owned legacy systems and internal business processes.” It went on to say that the modifications “will most likely cause some level of disruption.”