E-PaperMicrosoft alerts other organisations of Russia-backed hackers’ threats after email hacking incident
Microsoft's Threat Intelligence team has identified the Russian-sponsored hacking group Midnight Blizzard or Cozy Bear as the same actor that has targeted other organisations. Microsoft has started notifying the targeted organizations.
Microsoft Corporation has issued warnings to organisations, indicating they are targets of the Russian-sponsored group, Midnight Blizzard or Cozy Bear, the same group that hacked into the company's executives' emails late last year, Bloomberg reported.
The disclosure came through a blog post by Microsoft's Threat Intelligence team, stating that the group has been targeting various organisations. Microsoft has initiated notification processes for the targeted entities.
Also Read | FTC launches inquiry into artificial intelligence deals such as Microsoft's OpenAI partnership
Midnight Blizzard an Expanding Threat
Recent developments suggest that Midnight Blizzard's activities extend beyond Microsoft. Hewlett Packard Enterprise Co. (HPE) reported a breach in its cloud-based email system on January 24, attributing it to the activities of Midnight Blizzard. This signals a broader reach for the hacking group.
In a prior disclosure, Microsoft revealed that the group compromised a "legacy non-production test tenant account" to gain access to a "small number" of email accounts, including those of senior leadership and employees in cybersecurity and legal roles.
The initial target was information about Midnight Blizzard itself. The investigation later revealed that the compromised email account lacked multifactor authentication, a standard security measure.
Hewlett Packard Enterprise (HPE), an information technology provider, reported that it was notified on December 12 about a breach by a nation-state hacking group in its email systems. Investigators believe the hackers accessed and infiltrated data starting in May, primarily targeting a small percentage of HPE mailboxes from employees in cybersecurity and other departments.
Also Read | AI race propels Silicon Valley tech firms Microsoft, Meta, and Google to new highs. Here's why
Russian Link to Midnight Blizzard
The hackers, identified as Russia's SVR foreign intelligence agency, gained access to Microsoft by compromising credentials on a "legacy" test account, hinting at outdated code.
The United States government has linked the hacking group, also known as Nobelium, to Russia. This group gained notoriety for breaching SolarWinds Corp. in a massive cyber-espionage campaign against several federal agencies.
Also Read | Microsoft creates new Gen AI team to develop smaller and cheaper language models: Report
Microsoft highlighted that the recent breach shares a commonality with the SolarWinds hacking campaign, considered "the most sophisticated nation-state attack in history." The SVR primarily focuses on intelligence-gathering, targeting governments, diplomats, think tanks, and IT service providers in the US and Europe.
The recent activities of Midnight Blizzard further highlight the persistent threat posed by this Russian-linked hacking group.
- Top Gainers
- Top Losers
- 52 Week High
