Microsoft revealed on Friday that the hacking group known as Midnight Blizzard, APT29, or Cozy Bear, believed to be linked to the Russian government, successfully breached corporate email accounts. The targets included members of Microsoft’s senior leadership team and employees in cybersecurity, legal, and other departments.
Interestingly, the hackers deviated from the typical motive of seeking customer data or standard corporate information. Instead, their focus was on discovering what Microsoft knew about them. According to Microsoft, the investigation suggests that the hackers initially targeted email accounts to gather information related to Midnight Blizzard itself.
The attackers used a “password spray attack,” essentially a brute force tactic, to compromise a legacy account. They then used that account’s permissions to access a limited number of Microsoft corporate email accounts. Microsoft did not disclose the exact number of breached email accounts or specify the information accessed or stolen by the hackers.
Microsoft took the opportunity to discuss its commitment to enhancing security measures in light of the incident. The company emphasized the need to accelerate security efforts and announced plans to apply current security standards to its legacy systems and internal business processes. This proactive approach, despite potential disruptions, signifies Microsoft’s dedication to adapting to a new security reality.
APT29, also known as Cozy Bear, is widely recognized as a Russian hacking group responsible for notable cyberattacks, including those against SolarWinds in 2019, the Democratic National Committee in 2015, and various others.