Russian hackers who breached Microsoft’s corporate email accounts, including those of the company’s “senior leadership team and employees”, also targeted other organizations, the tech giant has revealed.

Microsoft said that as part of its usual notification processes, “we have begun notifying these targeted organizations”.

The Microsoft security team detected a nation-state attack on its corporate systems on January 12, and immediately activated its response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.

The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.

“It’s important to note that this investigation is still ongoing, and we will continue to provide details as appropriate,” the company said.

‘Midnight Blizzard’ is a Russia-based threat actor attributed by the US and UK governments to the Foreign Intelligence Service of the Russian Federation, also known as the SVR.

This threat actor is known to primarily target governments, diplomatic entities, non-governmental organizations (NGOs), and IT service providers, mainly in the US and Europe.

“Their focus is to collect intelligence through longstanding and dedicated espionage of foreign interests that can be traced to early 2018,” according to Microsoft.

Their operations often involve the compromise of valid accounts and, in some highly targeted cases, advanced techniques to compromise authentication mechanisms within an organization to expand access and evade detection.
