Kyle Marcelino Tech 01.21.2024 21:Jan PM EST

Microsoft Senior Leaders' Emails Breached by Russian-Backed Hackers

Microsoft confirmed that Russian-backed hackers were able to access corporate documents and emails of its senior leadership team in a data breach on Jan. 12, Friday.

The tech giant announced the cyberattack last Friday that the state-sponsored Midnight Blizzard, also known as Nobelium, launched the "nation-state attack" on the company system.

Midnight Blizzard Breached Employee Emails Since November

According to reports, the hackers started the attack in November last year using a "password spray attack" to infiltrate "a very small percentage" of Microsoft email accounts.

Microsoft assured that the breach was not caused by vulnerabilities in the company's system.

According to the company, the hackers were not able to access its servers for customer environments, production systems, source code, or AI system.

Microsoft is still investigating the attack to identify all affected employees.

Also Read: Russia-Linked Hackers Launch Phishing Attacks on 40 Govt Orgs

State-Sponsored Hackers Increase Cyberattacks on US

Nobelium's attack on Microsoft was not the first time the Russian-backed group orchestrated a data breach on a major institution in the United States, nor it will be the last.

The group launched various attacks on government websites and IT services across the UK and US, including a cyberattack on Microsoft three years ago.

Microsoft has since labeled the group as the "most sophisticated nation-state" hackers.

The past two years have seen a surge of cyberattacks from state-sponsored hackers, particularly from China and Russia, CNBC reported.

The attacks follow after the increasing tension between the three nations in the Indo-Pacific region and the US's support to Ukraine against Russia's invasion.

For Microsoft's part, the tech giant is now "shifting the balance" to better protect itself against threat actors and state-sponsored attacks.

The company launched the Secure Future Initiative last year to improve its cybersecurity via AI cyber defenses, advanced software engineering, and advocacy against online threats.