Russian hackers accessed emails from Microsoft senior leadership
A group of Russian hackers identified as the SolarWinds attackers: Microsoft, Cozy Bear, and the Security Development Lifecycle
A group of Russian state-sponsored hackers was responsible for the SolarWinds attack, and now Microsoft is revealing a nation-state attack on its corporate systems. The company says the hackers were able to gain access to some email accounts late last year.
Microsoft is modifying the way it operates and designs its software. It’s the biggest change to its security approach since the company announced its Security Development Lifecycle (SDL) in 2004 after huge Windows XP flaws knocked PCs offline.
The main focus of the SVR is intelligence-gathering. Most of it is focused on governments, diplomats, think tanks and IT service providers in the US and Europe.
Microsoft calls it a hacking unit. Prior to revamping its threat-actor nomenclature last year, it called the group Nobelium. The cybersecurity firm Mandiant, owned by Google, calls the group Cozy Bear.
Microsoft Responds to the SEC’s “Discriminant Threat” in an e-Mail Message on the Microsoft Exchange Server (MSFT)
The Microsoft disclosure is one of the first to take place since the SEC’s new rule took effect. Unless they get a national-security waiver, companies have only four days to make the disclosure.
In Friday’s SEC regulatory filing, Microsoft said that “as of the date of this filing, the incident has not had a material impact” on its operations. It didn’t say whether the incident is likely to impact its finances.
The threat actor uses a single common password to try to log into multiple accounts. In an August blog post, Microsoft described how its threat-intelligence team discovered that the same Russian hacking team had used the technique to try to steal credentials from at least 40 different global organizations through Microsoft Teams chats.
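The pattern described above, one password tried against many accounts, looks different in sign-in logs from ordinary mistyped passwords: it is wide (many accounts) and shallow (few attempts per account). The following detector is an added example, not code from Microsoft or from the original article; the log format, the sample records, and the thresholds are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (not real logs): time, source IP, account, result.
# The IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-01-10T09:00:05 203.0.113.7 alice FAIL
2024-01-10T09:00:41 203.0.113.7 bob FAIL
2024-01-10T09:01:17 203.0.113.7 carol FAIL
2024-01-10T09:01:58 203.0.113.7 dave FAIL
2024-01-10T09:02:30 203.0.113.7 grace OK
2024-01-10T09:03:02 203.0.113.7 erin FAIL
2024-01-10T09:05:00 198.51.100.20 frank FAIL
2024-01-10T09:05:09 198.51.100.20 frank FAIL
2024-01-10T09:05:20 198.51.100.20 frank FAIL
2024-01-10T09:05:31 198.51.100.20 frank OK
"""

def parse(log):
    """Yield (timestamp, source_ip, account, succeeded) tuples."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_tries=2):
    """Flag sources that touch many accounts with few attempts each in one window."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[0 + 1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - first[0] <= window]
            tries = Counter(user for _, _, user, _ in in_win)
            # Spray shape: wide and shallow, which keeps every account
            # below a typical per-account lockout threshold.
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                findings[ip] = {
                    "accounts": sorted(tries),
                    # A success inside the spray is the account to triage first.
                    "succeeded": sorted(u for _, _, u, ok in in_win if ok),
                }
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

Grouping by source IP is the simplest pivot; a spray spread over many addresses needs a different key, such as attempts per time window across the whole tenant.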