Microsoft says it suffered an attack from a Russian group that hacked SolarWinds

Microsoft confirmed that it was the target of an intrusion by an already notorious group of cybercriminals. Those responsible for the attack had access to corporate emails for about a month within the company’s systems.

According to the report from the Microsoft security team, the attack was only identified on January 12 of this year, but it had been underway since the end of November 2023. It all started from an old, unused account whose password was discovered.

The method used was password spraying, a brute-force technique that tries a single password against multiple accounts. This process is repeated several times until a correct password is found.

An account without extra protection and with an already compromised password allowed the attack. Source: GettyImages

In this case, the compromised email account possibly had a weak password and also lacked two-factor authentication, an important security mechanism that Microsoft recommends to all users.
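As an added illustration (not code from Microsoft or from the original article), the sketch below shows how a defender could spot the password-spray pattern described above in sign-in logs: one source failing against many distinct accounts with only a few tries each, followed by a success on an account without two-factor authentication. The event layout, thresholds, IP addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, success, MFA enrolled).
# IPs are from documentation ranges; account names are hypothetical.
SAMPLE_EVENTS = (
    # One source tries six different accounts once each, then succeeds on an
    # old account that has no second factor.
    [(f"2024-01-05T10:0{m}:00", "203.0.113.7", f"user{m}", False, True) for m in range(6)]
    + [("2024-01-05T10:07:00", "203.0.113.7", "old-unused-account", True, False)]
    # A legitimate user mistypes a password three times, then signs in.
    + [(f"2024-01-05T11:0{m}:00", "198.51.100.20", "alice", False, True) for m in range(3)]
    + [("2024-01-05T11:04:00", "198.51.100.20", "alice", True, True)]
)


def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources that fail against many accounts with few attempts per account."""
    by_source = defaultdict(list)
    for ts, src, acct, ok, mfa in events:
        by_source[src].append((datetime.fromisoformat(ts), acct, ok, mfa))

    findings = []
    for src, rows in by_source.items():
        rows.sort()
        for i, row in enumerate(rows):
            start = row[0]
            in_window = [r for r in rows[i:] if r[0] - start <= window]
            fails = defaultdict(int)
            for _, acct, ok, _ in in_window:
                if not ok:
                    fails[acct] += 1
            # Spray signature: breadth across accounts, low depth per account.
            # Many failures on a single account would be classic brute force instead.
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # Successful sign-ins without MFA in the same window need urgent review.
                hits = sorted({a for _, a, ok, mfa in in_window if ok and not mfa})
                findings.append({"source": src, "accounts_tried": len(fails),
                                 "compromised_no_mfa": hits})
                break
    return findings


if __name__ == "__main__":
    for finding in detect_spray(SAMPLE_EVENTS):
        print(finding)
```

Per-account lockout counters miss this pattern because each account sees only one or two failures; grouping by source (or by attempted password, where the log exposes a hash of it) is what reveals the spray.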

“A very small percentage” of corporate emails were accessed, including messages from “senior team leaders and employees across divisions such as cybersecurity, legal, and others”.

According to the company, only the messages and attached files were obtained, without compromising the personal data of these employees or consumer information.

Group that invaded Microsoft already has a long history

Those responsible for the attack are known as Midnight Blizzard or Nobelium. The gang already has a long record of intrusions.

They were the authors, for example, of the famous SolarWinds hack in 2020. The network management software was compromised and the incident affected Microsoft’s own systems, in what it considers to be “the largest ever seen” in terms of number of victims.

SolarWinds was the gateway to the 2020 hack. Source: SolarWinds

A year later, the same team managed to access Microsoft’s own servers. The company states that it will continue investigations and is already working with authorities to define the exact scope of the attack. More details about the case are expected to be revealed soon.

According to the company’s ongoing investigation, the cybercriminals were after specific information about themselves. The group likely wanted to know how much the company knew about them, perhaps to continue carrying out attacks or to change plans in the event of ongoing police operations.

Additionally, Microsoft confirmed that it is changing some internal software and service testing processes to prevent similar thefts. In terms of structure, this is the biggest change in the sector since 2004.
