Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Microsoft Privacy

Microsoft Executive Emails Hacked By Russian Intelligence Group, Company Says (cnbc.com) 25

In a regulatory filing today, Microsoft said that a Russian intelligence group hacked into some of the company's top executives' email accounts. CNBC reports: Nobelium, the same group that breached government supplier SolarWinds in 2020, carried out the attack, which Microsoft detected last week, according to the company. The announcement comes after new U.S. requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company does not believe the attack had a material impact, it still wanted to honor the spirit of the rules.

In late November, the group accessed "a legacy non-production test tenant account," Microsoft's Security Response Center wrote in the blog post. After gaining access, the group "then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents," the corporate unit wrote. The company's senior leadership team, including finance chief Amy Hood and president Brad Smith, regularly meets with CEO Satya Nadella. Microsoft said it has not found signs that Nobelium had accessed customer data, production systems or proprietary source code.

The U.S. government and Microsoft consider Nobelium to be part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in U.S. history when it added malicious code to updates to SolarWinds' Orion software, which some U.S. government agencies were using. Microsoft itself was ensnared in the hack. Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that has attempted to breach the systems of U.S. allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to identify Nobelium. It was also implicated alongside another Russian hacking group in the 2016 breach of the Democratic National Committee's systems.

This discussion has been archived. No new comments can be posted.

Microsoft Executive Emails Hacked By Russian Intelligence Group, Company Says

Comments Filter:
  • Are they telling me now that only Anna Chapman knows what really happened between Altman and Nadela? Damn...

  • by TwistedGreen ( 80055 ) on Friday January 19, 2024 @10:54PM (#64174461)

    A legacy non-production test tenant account had access to email? What?

  • not surprising (Score:4, Insightful)

    by Anonymous Coward on Friday January 19, 2024 @11:10PM (#64174469)

    anyone who runs a honeypot has seen Azure/MS Corp in their logging every day, brute forcers, port scanners, stuffers, every kind of abuse 24/7, MS security is so piss poor weak it can take months for any response, its so bad the honeypot/security community has given up reporting them due to the massive requirements (you have packet captures ? lol) before they tell you "its not us, its our customer, if we send your P2 life history to them they might stop),
    AWS/GC will be there too, pwn a 365 tenant and you are in, lateral movement is easy due to firewall rules often trusting adjacent hosts, joke of a platform.

    If you still use the cloud in 2024 you are as good as pwned either today , or tomorrow.

    • Re: (Score:3, Informative)

      by Ferocitus ( 4353621 )

      anyone who runs a honeypot has seen Azure/MS Corp in their logging every day, brute forcers, port scanners, stuffers, every kind of abuse 24/7, MS security is so piss poor weak it can take months for any response, its so bad the honeypot/security community has given up reporting them due to the massive requirements (you have packet captures ? lol) before they tell you "its not us, its our customer, if we send your P2 life history to them they might stop),
      AWS/GC will be there too, pwn a 365 tenant and you are in, lateral movement is easy due to firewall rules often trusting adjacent hosts, joke of a platform.

      If you still use the cloud in 2024 you are as good as pwned either today , or tomorrow.

      And on the same page it was reported in Australia, there's a link to an earlier story about Microsoft's 'cyber-shield' plan for Australia.
      https://www.abc.net.au/news/20... [abc.net.au]

      Australia is now safe from those Russian nogoodniks!

  • Was probably North Koreans or some various desert dwellers used Russian proxies.

  • by Rosco P. Coltrane ( 209368 ) on Saturday January 20, 2024 @03:29AM (#64174653)

    Why would you entrust your data to Microsoft when they're not even capable of securing the data of their own executives?

  • Hey Fred, I like money, do you like money? Yeah, I also like money! I would like even more money. Maybe we can fire someone and take their money? Good idea, that would be more money for us. Maybe Jim knows someone we can fire? Hey, Jim, know anyone we can fire so we can have their money? Oh yeah, i know someone we can fire and keep thei money. That is a good plan because I like money. Do you guys like money, too?

  • MS security sucks. MS cloud security sucks so badly, it is not funny anymore. Why would anybody in their right mind use a product _this_ exceptionally bad?

    • MS security sucks. MS cloud security sucks so badly, it is not funny anymore. Why would anybody in their right mind use a product _this_ exceptionally bad?

      Inertia, all based on the time that "the cloud" was hailed as perfectly secure, and that Microsoft, with its largest installed user base, was the pinnacle of Personal computing.

      • by gweihir ( 88907 )

        One hell of an inertia. You are not wrong though. Well, MS very nearly had Azure burn down last year. I guess they need to die in a fire before people understand how stupid it is to trust them basically for anything. I happen to know what Google does to keep its cloud secure. Not perfect, but they are making a real and credible effort. Somehow this whole MS shitshow reminds me of Boeing.

    • I'm sorry I do not understand M$ problem. How can a multi-multi-billion dollar computer software  company NOT have the worlds best security for their chief company officers. Shouldn't each-one of them have a personal security agent ( vis' my MOB ) trailing them around ensuring best-of-practice. behavior and tools. Why not  ? 
  • by byronivs ( 1626319 ) on Saturday January 20, 2024 @01:05PM (#64175191) Journal

    In my experience in IT, executives, namely all the professions in departments named in TFA simply won't have it. These people simply don't want to have to do security things. In my experience, they're "I want to just turn it on" "We need security, but exception for me...and my admin...and all the interns for the department so they can run my reports." "30 days? I just want a simple password that I can change a little then." And the classic, "I'm not paid x/didn't go to school x years for tuh hafta do stuff."
     
    If you've worked with privileged "yes, security, but just us, OK?" this stirs zero surprise.

  • That's gotta be the biggest oxymoron I've heard in a while.

  • ...the truth about flippy!

The question of whether computers can think is just like the question of whether submarines can swim. -- Edsger W. Dijkstra

Working...