Russian hacker group breaches email accounts of top Microsoft executives to seek information about ... itself

Hacker deploying an attack.

What you need to know

  • Microsoft recently discovered that Nobelium, the same group behind the infamous SolarWinds attack, managed to compromise its security and gain access to email accounts belonging to some of its top executives.

  • Findings from the cybersecurity team show that the hacker group was after information about itself.

  • The tech firm categorically indicated that the hackers weren't able to access customer data or its AI systems.


Microsoft recently disclosed that it suffered a nation-state attack deployed by a Russian group of attackers, which allowed them to access confidential data from email accounts belonging to top executives at the tech firm.

The company further indicated that its dedicated security team detected the attack on its corporate systems on January 12, 2024, ultimately prompting it to take the necessary measures to remedy the situation.

Microsoft believes that the Russian state-sponsored actor known as Nobelium is behind this attack. The same hacker group was also behind the infamous SolarWinds attack, which allowed them to access systems belonging to the Treasury and Commerce departments and other US government agencies.

According to the Microsoft Security Response Center:

"Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents."

For a bit of context, password spraying is a favorite of attackers because it inverts the usual brute-force approach: instead of hammering one account with many guesses, the attacker tries a small number of commonly used passwords against a large number of accounts. Each account sees only one or two failed attempts, which keeps the activity below typical lockout thresholds, and with enough accounts in play the odds that at least one uses a weak password become high.
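The pattern described above has a recognizable shape in sign-in telemetry: one source address producing failures across many distinct usernames, with only one or two failures per account, sometimes followed by a success. The following is an added example, not Microsoft's code or anything from its report, that runs a simple spray heuristic over constructed sample log lines (the IP addresses, usernames and timestamps are invented; the log format and the threshold values are assumptions chosen for illustration).

```python
"""Password-spray detection over constructed sign-in log lines.

A spray tries a few common passwords against many accounts, so each
account sees only one or two failures (staying under lockout thresholds)
while a single source IP accumulates failures across many distinct
usernames. The heuristic below flags that per-source pattern.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real telemetry).
# Assumed format: "<ISO timestamp> <source_ip> <username> <result>"
SAMPLE_LOG = """\
2023-11-20T02:00:01 203.0.113.7 alice@example.test FAILURE
2023-11-20T02:00:03 203.0.113.7 bob@example.test FAILURE
2023-11-20T02:00:05 203.0.113.7 carol@example.test FAILURE
2023-11-20T02:00:07 203.0.113.7 dave@example.test FAILURE
2023-11-20T02:00:09 203.0.113.7 erin@example.test FAILURE
2023-11-20T02:00:11 203.0.113.7 frank@example.test SUCCESS
2023-11-20T02:05:00 198.51.100.9 alice@example.test FAILURE
2023-11-20T02:05:30 198.51.100.9 alice@example.test FAILURE
2023-11-20T02:06:00 198.51.100.9 alice@example.test SUCCESS
2023-11-20T09:00:00 192.0.2.44 bob@example.test SUCCESS
"""


def parse_events(text):
    """Parse log lines into (timestamp, source_ip, username, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_failures_per_account=2):
    """Return {source_ip: sorted targeted usernames} for every source whose
    failures inside `window` span at least `min_accounts` distinct users,
    each with at most `max_failures_per_account` failures. That low-and-slow
    per-account profile is what separates a spray from a brute-force attempt
    on a single account (which the 198.51.100.9 sample represents)."""
    failures = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAILURE":
            failures[ip].append((ts, user))

    alerts = {}
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        # Sliding window over this source's failures, oldest to newest.
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_failures_per_account):
                alerts[ip] = sorted(per_user)
                break
    return alerts


def compromised_accounts(events, alerts):
    """Accounts that signed in successfully from a flagged source: the ones
    to reset, re-authenticate and review first during response."""
    return sorted({user for _, ip, user, result in events
                   if ip in alerts and result == "SUCCESS"})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    found = detect_password_spray(evs)
    for ip, users in found.items():
        print(f"possible password spray from {ip}: {len(users)} accounts targeted")
    print("successful sign-ins from flagged sources:", compromised_accounts(evs, found))
```

The thresholds are deliberately conservative placeholders; in practice they are tuned to the tenant's normal failure rate, and the check is most useful when it covers every tenant the organization owns, since an overlooked legacy or non-production test tenant like the one described in Microsoft's statement is exactly where such activity goes unnoticed.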

According to Microsoft's preliminary investigation and analysis, the hacker group accessed some emails and attached documents. However, it appears to have been most interested in information about itself. This is reminiscent of the SolarWinds campaign it ran against US agencies back in 2020, in which it sought to learn what plans and measures the US government had in place to counter its attacks.

Microsoft's investigation suggests that the hackers could not access customer data or the company's AI systems. The firm is currently notifying employees whose emails were compromised and putting measures in place to prevent a recurrence of such an incident.

The company's investigation into the matter is still ongoing, with assistance from authorities and regulators. Microsoft also said that it would share more information about its findings.

Microsoft under siege

Robot standing in front of city with Microsoft logo

Last year, a group of suspected Chinese hackers compromised Microsoft email accounts belonging to two dozen government agencies, including State Department officials and Commerce Secretary Gina Raimondo. While the company's cybersecurity team has since patched the issue, reports indicate that the hackers could access confidential details in the government systems as far back as May, even though the attack was reported as occurring in July.

This prompted a U.S. cybersecurity advisory panel commissioned by President Biden's administration to look into the risks of cloud computing. Senator Ron Wyden penned a letter to the board requesting that it investigate the attack, arguing that there was more to the story than Microsoft was letting on.

And with the emergence of generative AI, the situation can only get worse. According to a study, more attackers are warming up to the technology and leveraging its capabilities to deploy sophisticated ploys and attacks on unsuspecting users.