Microsoft Executive Emails Hacked By Russian Intelligence Group, Company Says (cnbc.com)
In a regulatory filing today, Microsoft said that a Russian intelligence group hacked into some of the company's top executives' email accounts. CNBC reports: Nobelium, the same group that breached government supplier SolarWinds in 2020, carried out the attack, which Microsoft detected last week, according to the company. The announcement comes after new U.S. requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company does not believe the attack had a material impact, it still wanted to honor the spirit of the rules.
In late November, the group accessed "a legacy non-production test tenant account," Microsoft's Security Response Center wrote in the blog post. After gaining access, the group "then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents," the corporate unit wrote. The company's senior leadership team, including finance chief Amy Hood and president Brad Smith, regularly meets with CEO Satya Nadella. Microsoft said it has not found signs that Nobelium had accessed customer data, production systems or proprietary source code.
The U.S. government and Microsoft consider Nobelium to be part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in U.S. history when it added malicious code to updates to SolarWinds' Orion software, which some U.S. government agencies were using. Microsoft itself was ensnared in the hack. Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that has attempted to breach the systems of U.S. allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to identify Nobelium. It was also implicated alongside another Russian hacking group in the 2016 breach of the Democratic National Committee's systems.
Good security job. (Score:2)
Are they telling me now that only Anna Chapman knows what really happened between Altman and Nadella? Damn...
Security (Score:3)
A legacy non-production test tenant account had access to email? What?
Re:Security (Score:4, Insightful)
They are just trying to confuse the issue. The simple fact is that one of their executives got hacked because of abysmally bad security of their cloud offering.
not surprising (Score:4, Insightful)
Anyone who runs a honeypot has seen Azure/MS Corp in their logging every day: brute forcers, port scanners, stuffers, every kind of abuse 24/7. MS security is so piss-poor weak it can take months for any response. It's so bad the honeypot/security community has given up reporting them due to the massive requirements (you have packet captures? lol) before they tell you "it's not us, it's our customer; if we send your P2 life history to them they might stop".
AWS/GC will be there too. Pwn a 365 tenant and you are in; lateral movement is easy due to firewall rules often trusting adjacent hosts. Joke of a platform.
If you still use the cloud in 2024 you are as good as pwned, either today or tomorrow.
Re: (Score:3, Informative)
Anyone who runs a honeypot has seen Azure/MS Corp in their logging every day: brute forcers, port scanners, stuffers, every kind of abuse 24/7. MS security is so piss-poor weak it can take months for any response. It's so bad the honeypot/security community has given up reporting them due to the massive requirements (you have packet captures? lol) before they tell you "it's not us, it's our customer; if we send your P2 life history to them they might stop".
AWS/GC will be there too. Pwn a 365 tenant and you are in; lateral movement is easy due to firewall rules often trusting adjacent hosts. Joke of a platform.
If you still use the cloud in 2024 you are as good as pwned, either today or tomorrow.
And on the same page it was reported in Australia, there's a link to an earlier story about Microsoft's 'cyber-shield' plan for Australia.
https://www.abc.net.au/news/20... [abc.net.au]
Australia is now safe from those Russian nogoodniks!
Re: (Score:1)
And the funny thing: Putin is still using Windows XP, at least on one computer shown in a picture a few years ago. If Putin has actually ordered the Russian government not to use, or at least not to upgrade to, newer Windows versions on any of their computers, that would mean he knows what Microsoft is doing.
"Despite the concerns of some engineers, SMCS-NG was created as a port to Microsoft Windows of the SMCS infrastructure and applications, a move which some commentators have termed "Windows for Warships". The UK's Defence Ministry later gave assurances, through questions in the UK parliament, that this is a low risk use of Microsoft Windows."
https://en.wikipedia.org/wiki/... [wikipedia.org]
Maybe Putin beta tested "Windows for Warships" and gave it a "100% safe rating" in his report to the UK parliament.
Re: (Score:2)
Oh well. (Score:2)
Oopsie.
Like Microsoft Could Actually Tell (Score:2)
It was probably North Koreans or some various desert dwellers using Russian proxies.
Microsoft customers: ask yourselves (Score:5, Insightful)
Why would you entrust your data to Microsoft when they're not even capable of securing the data of their own executives?
Re: (Score:2)
Because their engineers are still good people. Executives at every level at every company suck. They fail upwards.
Re: (Score:3, Insightful)
Good people they may be, but they've proven consistently less than competent for close to five decades. Microsoft is and has always been a byword for poor code that is slow, bloated and full of vulnerabilities.
Re: (Score:2)
You are thinking of Apple. https://en.wikipedia.org/wiki/... [wikipedia.org]
Fascinating reading, no doubt... (Score:2)
Hey Fred, I like money, do you like money? Yeah, I also like money! I would like even more money. Maybe we can fire someone and take their money? Good idea, that would be more money for us. Maybe Jim knows someone we can fire? Hey, Jim, know anyone we can fire so we can have their money? Oh yeah, I know someone we can fire and keep their money. That is a good plan because I like money. Do you guys like money, too?
Should not have used MS products... (Score:2)
MS security sucks. MS cloud security sucks so badly, it is not funny anymore. Why would anybody in their right mind use a product _this_ exceptionally bad?
Re: (Score:2)
MS security sucks. MS cloud security sucks so badly, it is not funny anymore. Why would anybody in their right mind use a product _this_ exceptionally bad?
Inertia, all based on the time when "the cloud" was hailed as perfectly secure, and when Microsoft, with its largest installed user base, was the pinnacle of personal computing.
Re: (Score:2)
One hell of an inertia. You are not wrong though. Well, MS very nearly had Azure burn down last year. I guess they need to die in a fire before people understand how stupid it is to trust them basically for anything. I happen to know what Google does to keep its cloud secure. Not perfect, but they are making a real and credible effort. Somehow this whole MS shitshow reminds me of Boeing.
Re: (Score:2)
They won't have it (Score:3)
In my experience in IT, executives, namely all the professions in the departments named in TFA, simply won't have it. These people simply don't want to have to do security things. In my experience, they're "I want to just turn it on", "We need security, but an exception for me...and my admin...and all the interns for the department so they can run my reports," "30 days? I just want a simple password that I can change a little then." And the classic, "I'm not paid x/didn't go to school x years for tuh hafta do stuff."
If you've worked with privileged "yes, security, but just us, OK?" this stirs zero surprise.
Russian Intelligence Group (Score:2)
That's gotta be the biggest oxymoron I've heard in a while.
Now the ruskies know (Score:2)
...the truth about flippy!