Microsoft has said that a Russian intelligence group accessed some of the software maker’s top executives’ email accounts earlier this week.
The company said Nobelium, the same group that breached government supplier SolarWinds in 2020, carried out the attack.
The company confirmed the group stole some emails and documents from staff accounts.
They also confirmed this included members of the senior leadership team and employees in its cybersecurity, legal, and other functions.
Microsoft confirmed the group stole some emails and documents from staff accounts.
Getty
The company said the hackers used a "password spray attack" starting in November 2023 to breach a Microsoft platform.
Hackers use this technique to infiltrate a company's systems by using the same compromised password against multiple related accounts.
The Russian Embassy in Washington and Ministry of Foreign Affairs did not immediately respond to a request for comment from Reuters.
Microsoft said it investigated the incident and disrupted the malicious activity, blocking the group's access to its systems.
LATEST DEVELOPMENTS
The US Securities and Exchange Commission (SEC) mandates publicly-owned companies to promptly disclose cyber incidents.
Getty
A spokesperson from the company said: "This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard."
It was noted that the attack was not the result of a specific vulnerability in it products or services.
The company blog reads: "To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."
Microsoft's announcement follows a new regulatory requirement implemented by the U.S. Securities and Exchange Commission (SEC) in December that mandates publicly-owned companies to promptly disclose cyber incidents.
The legislation states that companies impacted by cyber incidents must file a report about a hack's impact within four business days of discovery.
Companies must disclose the time, scope and nature of the breach to the government.
Midnight Blizzard is also known as APT29, Nobelium or Cozy Bear by cybersecurity researchers and linked to Russia's SVR spy agency, according to U.S. officials.
The group is best known for its intrusions of the Democratic National Committee surrounding the 2016 U.S. election.