A recent report from cybersecurity firm FireEye has revealed that a Russian hacking group known as APT29 or Cozy Bear has compromised the email accounts of several senior Microsoft executives. The hackers used a sophisticated phishing campaign to trick victims into clicking on malicious links that installed a backdoor on their devices, allowing the attackers to access their emails and other sensitive data.
According to FireEye, the hacking group is likely linked to the Russian government and has been targeting organizations involved in COVID-19 vaccine research, as well as government agencies, think tanks and media outlets. The group is also believed to be behind the SolarWinds breach that affected thousands of organizations in 2020.
Microsoft confirmed the incident and said it is working closely with FireEye and other partners to investigate and respond to the attack. The company also said it has taken steps to secure its network and protect its customers from any potential harm.
The breach is another reminder of the growing cyber threats facing organizations and individuals in the digital age. It also highlights the need for strong cybersecurity practices and awareness among employees, especially those who handle sensitive or confidential information. As FireEye CEO Kevin Mandia said, “This incident demonstrates why the security industry must work together to defend against and respond to these pernicious threats.”

Microsoft discloses cyber attack by Russian hacking group

Microsoft has announced that it was the target of a sophisticated cyberattack by a Russian hacking group known as Midnight Blizzard or Nobelium. This is the same group that was behind the SolarWinds breach in 2019.
The attack took place on Jan. 12, when hackers used a password-spraying technique to gain access to a non-production legacy test tenant account. From there, they were able to view a small number of Microsoft corporate email accounts, including those of some members of the senior leadership team and staff in legal, cybersecurity and other roles.
Microsoft says the hackers were specifically interested in information related to Midnight Blizzard and did not exploit any vulnerabilities in Microsoft systems or products. The company also says there was no impact on its customers or services.
Microsoft is conducting a thorough investigation into the incident and is working with the relevant authorities and regulators. The company says it will take further action based on the findings and will continue to monitor and protect its networks from malicious actors.