Microsoft revealed today that it discovered a nation-state attack on its enterprise systems from a Russian state-backed hacker group responsible for the sophisticated SolarWinds attack. Microsoft said the hackers, known as Nobelium, gained access to the email accounts of some members of its senior leadership team late last year.
“Beginning in late November 2023, threat actors used password spray attacks to compromise a legacy non-production test tenant account and gain a foothold, then used the account’s permissions to access a very small percentage of Microsoft enterprise email accounts, including members of our senior leadership team and employees from cybersecurity, legal and other functions, and stole a number of emails and attachments,” Microsoft Security Response said in a blog post filed late Friday.
Microsoft said the group “initially targeted email accounts” to obtain information about itself, but it was unclear what other emails and files were stolen in the process. Microsoft only discovered the attack last week on January 12, and the company has not revealed how long the attackers were able to gain access to its systems.
“This attack was not caused by a vulnerability in a Microsoft product or service. To date, there is no evidence that threat actors had access to customer environments, production systems, source code, or artificial intelligence systems,” Microsoft said.
The attack comes just days after Microsoft announced plans to overhaul its software security in the wake of a major Azure cloud attack. Although Microsoft customers do not appear to be affected by this new incident, and it is not caused by a Microsoft vulnerability, this is still the latest in a series of cybersecurity incidents at Microsoft. It found itself at the center of the SolarWinds attack nearly three years ago, followed by 30,000 organizations’ email servers being hacked in 2021 due to a Microsoft Exchange Server flaw, and Chinese hackers breaching the Microsoft cloud last year U.S. government emails.
Microsoft is now changing the way it designs, builds, tests and operates software and services. It’s the biggest change to its security approach since the company announced its Security Development Lifecycle (SDL) in 2004 after a huge flaw in Windows XP took PCs offline.
