Cybersecurity Alert: Microsoft Hacked by Russian State-Backed Group

Microsoft announced on January 19 that a hacker group supported by the Russian state hacked into its corporate systems on January 12 and stole some emails and documents from its employees' accounts

by Sededin Dedovic
Cybersecurity Alert: Microsoft Hacked by Russian State-Backed Group
© David Becker / Getty Images

Microsoft, the global technology giant, revealed on January 19 that it had fallen victim to a sophisticated cyber attack orchestrated by a Russian hacking group known as Nobelium or Midnight Blizzard. The breach, which occurred on January 12, resulted in unauthorized access and theft of emails and documents from Microsoft's corporate systems.

The attack, launched in November 2023, targeted the Microsoft platform, and the hacking group used a technique that involved using a common password to attempt to gain unauthorized access to multiple accounts. Microsoft's cybersecurity team has identified the same Russian hacking team as trying to steal credentials from at least 40 different global organizations through the Microsoft Teams program.

One alarming aspect of the breach was the discovery that a single password was used in an attempt to infiltrate multiple accounts. It is precisely because of such cases that robust cyber security measures are important in order to minimize the risks associated with weak password practices.

Microsoft email hacked

Microsoft clarified that despite its efforts, the Russian hacking group was able to access only a "very small percentage" of the company's corporate email accounts. This includes accounts belonging to senior management and other employees.

Recently, there have been constant and growing threats posed by hacker groups sponsored by Russia and some other countries, so great caution is needed, especially with the biggest companies like Microsoft, because hackers consider it a trophy.

This incident is not the first time Microsoft has faced a significant cybersecurity challenge. In a 2021 blog post, the company called the SolarWinds hacking campaign "the most sophisticated nation-state attack in history." The SolarWinds attack targeted various entities, including US government agencies such as the Justice and Treasury Departments, along with over 100 private companies and think-tank organizations.

Software and telecommunications providers were among those affected during the SolarWinds incident. Microsoft's admission of a recent failure tells us that even tech giants are not immune to cyber threats. In 2023, a record number of hacker attacks on successful companies was recorded, and it seems that this trend will continue this year as well.

Microsoft Russian