On Friday, Microsoft disclosed that a hacker group called Midnight Blizzard, also known as APT29 or Cozy Bear, had hacked a number of corporate email accounts, including those of the company’s “senior leadership team and employees” in its “cybersecurity, legal and other functions.” The group is widely believed to be sponsored by the Russian government.
Oddly, the hackers did not go after their usual targets: customer data or traditional company information. According to the company, they wanted to know more about themselves, or more specifically, they wanted to know how much Microsoft knows about them.
Contact us
Do you have any more information about this hack? We’d love to hear from you. On non-work devices, you can contact Lorenzo Franceschi-Bicchierai securely via Signal (phone +1 917 257 1382) or via Telegram, Keybase and Wire @lorenzofb or email lorenzo@techcrunch.com. You can also contact TechCrunch through SecureDrop.
“The investigation revealed that their initial goal was to obtain information related to Midnight Blizzard itself through email accounts,” the company wrote in a blog post and SEC disclosure.
According to Microsoft, the hackers used a “password spray attack” (essentially a brute force attack) on an old account and then used the account’s permissions to “access a small number of Microsoft corporate email accounts.”
Microsoft did not disclose how many email accounts were compromised or specific information that the hackers accessed or stole.
A company spokesman did not immediately respond to a request for comment.
Microsoft used news of the hack to talk about how it would take steps to make itself more secure.
“For Microsoft, this incident highlights the urgent need to act more quickly. We will take immediate action to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even if these changes may disrupt existing business processes,” the company wrote. “This may cause some disruption as we adjust to this new reality, but it is a necessary step and just the first step we are taking to embrace this philosophy.”
APT29, or Cozy Bear, is widely believed to be a Russian hacking group responsible for a series of high-profile attacks, such as the 2019 attack on SolarWinds, the 2015 attack on the Democratic National Committee, and more.