Microsoft Executive Emails Hacked By Russian Intelligence Group: Company Confirms Security Breach, Assures No Impact On Customer Data

Zinger Key Points
  • Microsoft’s regulatory filing notes that the attack was not the result of a vulnerability in its products or services.
  • The company also added that there is no evidence to suggest that either customer data or its AI systems were breached.

In a recent regulatory filing, Microsoft Corp. MSFT revealed that the email accounts of its top executives were breached by a Russian intelligence group.

What Happened: Microsoft’s regulatory filing states that Nobelium, the Russian intelligence group responsible for the 2020 SolarWinds breach, accessed the email accounts of several top Microsoft executives. Microsoft discovered the breach last week, as it noted on its security blog on Friday.

“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” a Microsoft spokesperson said.

See Also: Microsoft Tightens Belt At McGill: 20GB OneDrive And Outlook Caps For Students On ‘Security’ And ‘Sustainability’ Grounds

Microsoft’s disclosure follows new U.S. regulations that mandate the reporting of cybersecurity incidents. A Microsoft spokesperson stated that while the company doesn’t believe the attack had a significant impact, it aimed to uphold the new regulations’ intent.

In late November 2023, Nobelium accessed a “legacy non-production test tenant account,” as per Microsoft’s Security Response Center.

The group leveraged the account’s permissions to infiltrate a small portion of Microsoft’s corporate email accounts, including those of senior leadership and employees in cybersecurity, legal, and other departments.

Both the U.S. government and Microsoft identify Nobelium as a part of the Russian foreign intelligence service SVR.

“We are continuing our investigation and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators,” Microsoft added.

Why It Matters: Microsoft has been a target of hackers in the past. In July, China-based hackers exploited a vulnerability in Microsoft Cloud to access U.S. government emails for a month.

The attack took place ahead of a U.S.-China meeting and Commerce Secretary Gina Raimondo was amongst the senior U.S. government officials targeted.

Check out more of Benzinga’s Consumer Tech coverage by following this link.

Read Next: Masimo CEO ‘Wholeheartedly’ Feels Apple Watch Users Are Better Off Without Blood Oxygen Monitoring Feature

Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.

Photo by WEF on Flickr

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In:
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!