Microsoft Says Its Executives Were Spied On by Russian-Sponsored Hackers
Microsoft claims that its executives were spied on by hackers funded by the Russian government
On Friday, Microsoft revealed that a cyberattack was carried out on January 12th by a Russian state-sponsored hacking group. The attack is linked to the “Midnight Blizzard” or APT29 hackers, who targeted Microsoft’s corporate systems and stole emails and documents from a small number of staff accounts.
According to Microsoft, the hackers had access to a “very small percentage” of corporate email accounts belonging to senior management and other stakeholders, including cybersecurity experts, lawyers, and other functional teams. No vulnerability in Microsoft’s products or services was identified as the cause of the breach.
Technique Used for Theft
Beginning in November 2023, the attackers used a "password spray attack", trying one common password against many different user accounts on the Microsoft platform. The tactic reuses a single password, revealed from one compromised account, against various affiliated accounts, and it gave the attackers access to company systems. Microsoft’s threat research team said that Midnight Blizzard was behind this hacking campaign.
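The signature of a password spray is many accounts each failing once or twice from one source, rather than one account failing many times. The following detection logic is an added example written for this article (not code from Microsoft or the article), run over a constructed log in an assumed format of `timestamp result user source_ip`:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data): timestamp, result, user, source IP.
# 203.0.113.7 touches five accounts once each (spray pattern) and then lands on "frank".
# 198.51.100.4 hammers one account (brute force pattern), which the spray rule ignores.
SAMPLE_LOG = """\
2023-11-20T02:00:01Z FAIL alice 203.0.113.7
2023-11-20T02:00:09Z FAIL bob 203.0.113.7
2023-11-20T02:00:17Z FAIL carol 203.0.113.7
2023-11-20T02:00:25Z FAIL dave 203.0.113.7
2023-11-20T02:00:33Z FAIL erin 203.0.113.7
2023-11-20T02:00:41Z OK frank 203.0.113.7
2023-11-20T02:01:00Z FAIL alice 198.51.100.4
2023-11-20T02:01:05Z FAIL alice 198.51.100.4
2023-11-20T02:01:10Z FAIL alice 198.51.100.4
2023-11-20T02:01:15Z FAIL alice 198.51.100.4
2023-11-20T02:01:20Z FAIL alice 198.51.100.4
"""

def parse(text):
    """Parse log lines into (timestamp, result, user, ip) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, result, user, ip = line.split()
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, ip))
    return events

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {ip: [users]} for sources whose failures inside `window` hit at least
    `min_users` distinct accounts with at most `max_per_user` attempts each."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        if result == "FAIL":
            by_ip[ip].append((ts, user))
    hits = {}
    for ip, fails in by_ip.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):       # slide the window over each failure
            counts = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                counts[user] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                hits[ip] = sorted(counts)
                break
    return hits

def successes_from_flagged(events, hits):
    """Accounts that signed in successfully from a flagged source: review these first."""
    return sorted({u for _, r, u, ip in events if r == "OK" and ip in hits})
```

The per-user cap is what separates a spray from a brute force; tune `window` and `min_users` to the tenant's normal failure rate before alerting on it.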
Motivation Behind the Attack
During its investigation, Microsoft concluded that the original goal of the attack was to obtain information about Midnight Blizzard’s own activities: the hackers were trying to find out what Microsoft knew about them, which indicates that this was a strategic attack on Microsoft.
Microsoft assured its customers that there was no indication that the threat actor had accessed customer environments, production systems, source code, or AI systems. The company acted quickly, preventing the attack from spreading to other email accounts.
Russian Government's Silence
Despite the seriousness of the attack, no response has yet been received from the Russian Embassy in Washington or the Ministry of Foreign Affairs. Microsoft, however, reacted quickly and stopped the malicious activity, blocking the hackers’ access to its systems.
This disclosure was made under regulations introduced by the SEC in December, which require companies such as Microsoft to publicly disclose cyber incidents within four business days of discovering their timing, scope, and nature.
Who is Midnight Blizzard (APT29)?
Midnight Blizzard, also known as APT29, Nobelium, and Cozy Bear, is a hacking group associated with Russia’s SVR intelligence service that gained notoriety primarily through its role in the 2016 US election interference. Microsoft products, which are widely used by the U.S. government, have faced cyberattacks from nation-state threat actors worldwide, attributed to subpar security practices.