
Microsoft says Russian hackers also targeted other organizations

On Friday, Microsoft revealed that it had been the victim of a hack carried out by Russian government spies. Now, a week later, the tech giant said that it was not the only target of the espionage operation.

In a new blog post, Microsoft said that “the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations.”

At this point, it’s unclear how many organizations the Russian-backed hackers targeted.

Contact Us

Do you have more information about this hack? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email [email protected]. You can also contact TechCrunch via SecureDrop.

When asked by TechCrunch to provide a specific number of victims it has notified so far, a Microsoft spokesperson declined to comment.

Microsoft identified the hackers as the group it calls Midnight Blizzard. This group is widely believed to be working for Russia’s Foreign Intelligence Service, or SVR. Other security companies call the group APT29 and Cozy Bear.

Microsoft said it detected the intrusion on January 12, and then established that the hacking campaign began in late November, when the hackers used a “password spray attack” on a legacy system that didn’t have multi-factor authentication enabled. Password spraying is when hackers try to brute-force access to accounts using commonly used passwords, or a larger list of passwords from past data breaches.

“The actor tailored their password spray attacks to a limited number of accounts, using a low number of attempts to evade detection and avoid account blocks based on the volume of failures,” Microsoft wrote in its latest blog post. “The threat actor further reduced the likelihood of discovery by launching these attacks from a distributed residential proxy infrastructure. These evasion techniques helped ensure the actor obfuscated their activity and could persist the attack over time until successful.”
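As an added example (not from Microsoft's post or the original article), the sketch below shows why a per-source failure threshold misses the pattern Microsoft describes, and how counting distinct accounts that fail from unfamiliar sources over a longer window surfaces it. The event layout, thresholds and function names are assumptions, and the sign-in events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed sign-in events: (time, account, source_ip, success)."""
    t0 = datetime(2024, 1, 1)
    events = [(t0 + timedelta(hours=i), f"user{i}", "198.51.100.10", True)
              for i in range(5)]
    # One ordinary typo from the usual office address.
    events.append((t0 + timedelta(hours=6), "user1", "198.51.100.10", False))
    # Low-and-slow spray: one failure per account, a new source each time,
    # spaced four hours apart so no single counter ever climbs.
    events += [(t0 + timedelta(hours=4 * i), f"svc{i}", f"203.0.113.{i + 1}", False)
               for i in range(12)]
    return events

def per_ip_volume(events, threshold=5):
    """Classic rule: flag any source with many failures. Assumed threshold."""
    fails = defaultdict(int)
    for _, _, ip, ok in events:
        if not ok:
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n >= threshold)

def spray_window(events, window=timedelta(days=3), min_accounts=10):
    """Flag when many distinct accounts fail from sources that have never
    produced a successful sign-in, aggregated across all sources."""
    # Simplification: 'known' is built from the whole sample, not a baseline.
    known = {ip for _, _, ip, ok in events if ok}
    fails = sorted((t, acct, ip) for t, acct, ip, ok in events
                   if not ok and ip not in known)
    start = 0
    for end in range(len(fails)):
        while fails[end][0] - fails[start][0] > window:
            start += 1
        span = fails[start:end + 1]
        accounts = {a for _, a, _ in span}
        if len(accounts) >= min_accounts:
            return {"first": span[0][0], "last": span[-1][0],
                    "accounts": len(accounts),
                    "sources": len({ip for _, _, ip in span})}
    return None

if __name__ == "__main__":
    sample = build_sample()
    print("per-source alerts:", per_ip_volume(sample))
    print("aggregate alert:", spray_window(sample))
```

In production the set of known sources would come from a historical baseline rather than the same batch of events, and the window and account thresholds would be tuned to the tenant's normal failure rate.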

Once the Russian-backed hackers gained access to an account on that legacy system, they “used the account’s permissions to access a very small percentage of Microsoft corporate email accounts,” according to Microsoft, which has not yet specified how many email accounts were compromised.

Microsoft, however, said that the hackers specifically targeted the company’s senior executives, as well as people who work in cybersecurity, legal, and other departments. The hackers were able to steal “some emails and attached documents.”

Curiously, the hackers were interested in finding out information about themselves, specifically what Microsoft knows about them, the company said.

On Thursday, Hewlett Packard Enterprise (HPE) disclosed that its Microsoft-hosted email system was hacked by Midnight Blizzard. HPE said it was notified of the breach — without saying by whom — on December 12. The company said that according to its own investigation, the hackers “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023.

It’s unclear how, or if, this breach is linked to the hackers’ espionage campaign targeting Microsoft, as HPE said its incident was linked to an earlier intrusion where the same hackers exfiltrated “a limited number of SharePoint files” from its network.

“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” HPE spokesperson Adam R. Bauer told TechCrunch.

Updated with Microsoft declining to comment.
