TechMicrosoft hit by russian hackers: No customer data compromised

Microsoft hit by russian hackers: No customer data compromised

The tech giant announced a cyberattack on their information systems occurred on January 12, 2024. This was reportedly executed by overseas entities. The company's security team quickly initiated remedial measures which interrupted the hackers' activity and subsequently enabled them to identify the source of the intrusion. According to Microsoft, the group involved in the breach refers to itself as "Midnight Blizzard" and is likely backed by the Russian Federation.

Microsoft logo on the building
Microsoft logo on the building
Images source: © Licensor

12:34 PM EST, January 21, 2024

What were the hackers after?

Microsoft's statement notes that the hackers only penetrated a limited number of the company's corporate email accounts, inclusive of those belonging to executives. Employees from the security and legal departments also had their email accounts compromised. There's no evidence that hackers accessed any customer data or artificial intelligence systems.

<>

The hackers pilfered some emails and attached documents. Upon investigation, it became clear that their primary objective was to discover information about the Midnight Blizzard group itself. They sought to learn how much information about them had been gathered by the tech corporation. This tactic parallels the group's past actions, which include their 2020 assault on the SolarWinds company. Subsequently, they tried to monitor the US government's response to their hacking attempts.

How did the hackers infiltrate Microsoft?

Microsoft disclosed that the hackers secured access to accounts through what's known as "password spraying". This method entails testing large volumes of commonly used passwords across numerous accounts, hoping for a few successful hits. Through this approach, they infiltrated some older accounts, which were subsequently utilized to compromise other accounts.

The company has not shared the exact number of breached accounts or the nature of the compromised information. Microsoft has, however, pledged to implement strategies promptly to forestall any future intrusions of this kind.

Related content
© essanews.com
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.