
Wouldn’t you want to know what tech giants know about you? That’s exactly what Russian government hackers want, too.
On Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 or Cozy Bear, and widely believed to be sponsored by the Russian government, hacked some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.”
Curiously, the hackers didn’t go after customer data or the traditional corporate information they might normally have gone after. They wanted to know more about themselves, or more specifically, they wanted to know what Microsoft knows about them, according to the company.
Contact Us
Do you have more information about this hack? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email [email protected]. You can also contact TechCrunch via SecureDrop.
“The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” the company wrote in a blog post and SEC disclosure.
According to Microsoft, the hackers used a “password spray attack” (essentially brute forcing) against a legacy account, then used that account’s permissions “to access a very small percentage of Microsoft corporate email accounts.”
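For defenders, a password spray looks different in sign-in logs from a classic brute force: one source tries a few passwords across many accounts, staying under per-account lockout limits. The sketch below is an added example, not code from Microsoft or from this article; the event format, account names, addresses and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed sign-in events: (time, source IP, account, result)."""
    t0 = datetime(2024, 1, 10, 3, 0, 0)
    ev = []
    # Source A: one guess per account, 40 s apart, across seven accounts...
    for i, acct in enumerate(["alice", "bob", "carol", "dave", "erin", "frank", "grace"]):
        ev.append((t0 + timedelta(seconds=40 * i), "203.0.113.7", acct, "fail"))
    # ...then the sprayed password works on an invented legacy account.
    ev.append((t0 + timedelta(minutes=6), "203.0.113.7", "legacy-svc", "ok"))
    # Source B: twelve rapid guesses at a single account (classic brute force).
    for i in range(12):
        ev.append((t0 + timedelta(seconds=5 * i), "198.51.100.9", "alice", "fail"))
    # Source C: a user mistyping their own password twice, then succeeding.
    for sec, result in [(0, "fail"), (20, "fail"), (45, "ok")]:
        ev.append((t0 + timedelta(seconds=sec), "192.0.2.44", "bob", result))
    return ev

def classify(events, window=timedelta(minutes=30), spray_accounts=5,
             per_account_max=2, brute_fails=10):
    """Label each source IP by the shape of its failed logins in a sliding window."""
    by_src = defaultdict(list)
    for ts, src, acct, result in sorted(events):
        by_src[src].append((ts, acct, result))
    findings = {}
    for src, rows in by_src.items():
        fails = [(ts, acct) for ts, acct, result in rows if result == "fail"]
        label, start = "normal", 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # drop failures that fell out of the window
            counts = Counter(acct for _, acct in fails[start:end + 1])
            if max(counts.values()) >= brute_fails:
                label = "brute_force"       # many guesses, one account
            elif (label == "normal" and len(counts) >= spray_accounts
                  and max(counts.values()) <= per_account_max):
                label = "password_spray"    # few guesses, many accounts
        # Any successful login from a flagged source needs review.
        review = sorted({a for _, a, r in rows if r == "ok"}) if label != "normal" else []
        findings[src] = {"label": label, "logins_to_review": review}
    return findings

if __name__ == "__main__":
    for src, finding in classify(sample_events()).items():
        print(src, finding)
```

The successful login that follows the spray is the event that matters most: it is the account to reset and review first.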
Microsoft did not disclose how many email accounts were breached, nor exactly what information the hackers accessed or stole.
Company spokespeople did not immediately respond to a request for comment.
Microsoft took advantage of the news of this hack to talk about how it will move forward to make itself more secure.
“For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes,” the company wrote. “This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy.”
APT29, or Cozy Bear, is widely believed to be a Russian hacking group responsible for a series of high-profile attacks, such as those against SolarWinds in 2019, the Democratic National Committee in 2015, and many more.