Microsoft Warns More Customers About State-Linked Cyberattacks

Microsoft is alerting additional customers about potential data access by Russian state hackers following a January attack that compromised email accounts of company executives.

This week, several Office 365 administrators reported receiving emails from Microsoft support, informing them that their emails had been accessed by the Russian hacking group Midnight Blizzard. Microsoft provided a secure portal link, asking recipients to use their Tenant ID to review the compromised data.

"We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that the Midnight Blizzard threat actor exfiltrated, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson told Bloomberg.

The data breach, attributed to Russian foreign intelligence service hackers, was initially disclosed in January. These hackers, also known as APT29 or Cozy Bear, exfiltrated emails and documents from senior leadership and employees in Microsoft's cybersecurity and legal departments. In 2021, the Biden administration identified APT29 as part of the Russian Foreign Intelligence Service, linking them to the SolarWinds software backdoor incident.

This latest disclosure comes amid increasing criticism of Microsoft over major security failures. Recently, during a U.S. congressional hearing, Microsoft President Brad Smith admitted responsibility for several breaches that allowed Russian and Chinese state-sponsored actors to target government institutions globally.

Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency invoked emergency powers, directing federal agencies to reset credentials and review account logs for potential malicious activity in Microsoft environments.

Source: ET CISO.in, BankInfoSecurity, Bloomberg
