Microsoft Corporation (MSFT) has issued warnings to organizations, signaling potential threats from a Russian-backed hacker group, Midnight Blizzard, which has been linked to a breach of the tech giant’s executive emails.
Discovery and Notification: Microsoft’s Threat Intelligence team identified Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM, as the suspected entity targeting these organizations, according to the company’s Thursday blog post. The company stated, “It’s important to note that this investigation is still ongoing, and we will continue to provide details as appropriate.”
The activities of this group have evidently stretched beyond Microsoft, with Hewlett Packard Enterprise Co. (HPE) reporting a breach of its cloud-based email system, believed to be orchestrated by Midnight Blizzard.
Microsoft previously disclosed that the group had compromised a “legacy non-production test tenant account,” which was used to access a “small number” of email accounts, including those of senior leadership and employees involved in cybersecurity and legal, reported Bloomberg.
Significance of the Situation: Previously, CrowdStrike (CRWD) CEO George Kurtz described the challenges posed by Russian hackers, particularly Nobelium, stating that their operations are “low and slow,” making them difficult to detect.
Nobelium’s recent breach at Microsoft is just one example of Russian hackers gaining attention. In August last year, reports emerged about Russian hackers unveiling a novel tool called Hidden Virtual Network Computer or VNC, designed to provide complete access to Apple Mac devices, enabling them to pilfer personal data and login credentials.