On Friday, Microsoft revealed that a hacking group it identifies as Midnight Blizzard, also known as APT29 or Cozy Bear—a group widely thought to be backed by the Russian government—breached certain corporate email accounts. These included accounts belonging to the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.”
Surprisingly, the hackers did not target customer data or typical corporate information. Instead, their focus was on themselves: more precisely, they aimed to discover what Microsoft knew about them, according to the company’s disclosure.
Microsoft detailed that the hackers employed a “password spray attack,” a form of brute force in which a small set of common passwords is tried against many accounts rather than many passwords against one; here it succeeded against a legacy account. Subsequently, they used the permissions of that account to gain access to a small percentage of Microsoft’s corporate email accounts.
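The distinguishing signature of a password spray, from the defender's side, is many distinct accounts failing authentication from one source in a short window, each with only a few attempts, sometimes followed by a single success. The following is an added detection example written for this article; it is not Microsoft's code and does not reflect how Microsoft detected the intrusion. The sign-in log format, the source addresses, the usernames, the `legacy`/`modern` protocol field and the thresholds are all constructed assumptions.

```python
"""Toy password-spray detector over constructed sign-in log lines.

Added example, not Microsoft's code. A spray shows up as many accounts
failing from one source within a short window (few attempts per account),
which is the opposite shape of a single-account brute force. The log
format, sample addresses, usernames and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, username, result, auth protocol.
# 203.0.113.5 sprays nine accounts and then succeeds against a legacy account;
# 198.51.100.7 hammers one account (brute force, not spray) and should not match.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z 203.0.113.5 alice FAIL legacy
2024-01-12T03:00:02Z 203.0.113.5 bob FAIL legacy
2024-01-12T03:00:03Z 203.0.113.5 carol FAIL legacy
2024-01-12T03:00:04Z 203.0.113.5 dave FAIL legacy
2024-01-12T03:00:05Z 203.0.113.5 erin FAIL legacy
2024-01-12T03:00:06Z 203.0.113.5 frank FAIL legacy
2024-01-12T03:00:07Z 203.0.113.5 grace FAIL legacy
2024-01-12T03:00:08Z 203.0.113.5 heidi FAIL legacy
2024-01-12T03:00:09Z 203.0.113.5 ivan FAIL legacy
2024-01-12T03:00:10Z 203.0.113.5 test-legacy SUCCESS legacy
2024-01-12T03:05:00Z 198.51.100.7 alice FAIL modern
2024-01-12T03:05:30Z 198.51.100.7 alice FAIL modern
2024-01-12T03:06:00Z 198.51.100.7 alice SUCCESS modern
"""


def parse_line(line):
    """Parse one whitespace-separated log line into a dict (assumed format)."""
    ts, src, user, result, proto = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "user": user,
        "result": result,
        "proto": proto,
    }


def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Return one finding per source whose failures span >= min_accounts
    distinct usernames inside a sliding time window.

    Each finding records how many accounts failed, which accounts then
    succeeded from the same source in that window, and whether any of the
    attempts used the legacy protocol (the weak spot the article describes).
    """
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = []
    for src, evs in by_src.items():
        start = 0
        best = None
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            failed_users = {e["user"] for e in win if e["result"] == "FAIL"}
            if len(failed_users) < min_accounts:
                continue
            cand = {
                "src": src,
                "accounts_failed": len(failed_users),
                "followed_by_success": sorted(
                    {e["user"] for e in win if e["result"] == "SUCCESS"}
                ),
                "legacy_auth": any(e["proto"] == "legacy" for e in win),
            }
            # Keep the widest window; on ties prefer the one that saw a success.
            if (
                best is None
                or cand["accounts_failed"] > best["accounts_failed"]
                or (
                    cand["accounts_failed"] == best["accounts_failed"]
                    and len(cand["followed_by_success"]) > len(best["followed_by_success"])
                )
            ):
                best = cand
        if best is not None:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_spray(SAMPLE_LOG):
        print(f)
```

Running it flags only `203.0.113.5` (nine accounts failed, then `test-legacy` succeeded over legacy auth) and leaves the single-account brute force from `198.51.100.7` alone, which is the distinction a spray rule needs to make. In a real environment the same grouping is usually done in the SIEM over sign-in telemetry, and the `legacy_auth` flag is the field worth alerting on hardest, since legacy protocols are exactly where password-only authentication tends to survive.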
The disclosure did not specify the number of breached email accounts or the exact information accessed or stolen by the hackers. Microsoft representatives did not immediately respond to requests for comment.
In response to the incident, Microsoft took the opportunity to discuss its commitment to enhancing security measures. The company acknowledged the need to accelerate its efforts, pledging to promptly apply existing security standards to its legacy systems and internal business processes. Despite potential disruptions to current business processes, Microsoft emphasized the necessity of adapting to this new reality and outlined this step as the first of several to fortify security.
APT29, also known as Cozy Bear, is widely recognized as a Russian hacking group implicated in various high-profile attacks, including those against SolarWinds in 2019, the Democratic National Committee in 2015, and numerous others.