Why not learn what tech giants know about you? Russian government hackers want that too.
Microsoft announced on Friday that Midnight Blizzard, also known as APT29 or Cozy Bear and believed to be sponsored by the Russian government, hacked some corporate email accounts, including those of its “senior leadership team and employees in our cybersecurity, legal, and other functions.”
Unlike usual, the hackers didn’t target consumer or company data. The business said they wanted to know what Microsoft knows about them.
“The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” the business noted in a blog post and SEC statement.
Microsoft said the hackers conducted a “password spray attack”—brute forcing—on a legacy account and utilized its rights “to access a very small percentage of Microsoft corporate email accounts.”
Microsoft did not say how many email accounts were hacked or what data was stolen.
An inquiry to company officials was not immediately answered.
Microsoft used this attack to announce security improvements.
“This incident has shown Microsoft the urgency of moving faster. We will immediately apply our current security requirements to Microsoft-owned legacy systems and internal business processes, even if they interrupt existing business operations, the firm added. “This will likely cause some disruption while we adapt to this new reality, but it is a necessary step and only the first of many we will take to embrace this philosophy.”
APT29, or Cozy Bear, is a Russian hacking outfit suspected of attacking SolarWinds in 2019, the Democratic National Committee in 2015, and others.
