Microsoft disclosed on Friday that a Russian intelligence group known as Nobelium hacked into some of its top executives’ email accounts and stole some sensitive information. The same group was behind the massive SolarWinds hack that compromised several U.S. government agencies and private companies in 2020.
According to Microsoft, the attack was detected last week and involved a “legacy non-production test tenant account” that Nobelium accessed and used to infiltrate a “very small percentage” of Microsoft corporate email accounts. The hackers targeted members of Microsoft’s senior leadership team, including CFO Amy Hood and President Brad Smith, as well as employees in its cybersecurity, legal, and other functions.
Microsoft said it has not found any evidence that Nobelium accessed customer data, production systems, or proprietary source code. However, the company acknowledged that the attack could have a negative impact on its reputation and customer trust, as well as expose it to legal and regulatory risks.
The attack comes amid heightened tensions between Russia and Ukraine, as well as new U.S. rules for disclosing cybersecurity incidents. Microsoft said it wanted to honor the spirit of the rules, even though it did not believe the attack had a material effect on its operations.
The Cybersecurity and Infrastructure Security Agency (CISA) said it is working closely with Microsoft to understand the scope and impact of the incident and to help protect other potential victims. CISA also urged all organizations to review Microsoft’s guidance and take steps to secure their systems.
Nobelium is a sophisticated hacking group that is believed to be part of the Russian foreign intelligence service SVR. It is also known as APT29 or Cozy Bear, and Microsoft uses the name Midnight Blizzard to identify it. Nobelium is responsible for one of the most far-reaching breaches in U.S. history, when it added malicious code to updates to SolarWinds’ Orion software, which some U.S. government agencies and private companies were using. The SolarWinds hack affected more than 18,000 organizations and exposed sensitive data from the Department of Homeland Security, the Treasury Department, the Justice Department, and others.
Nobelium has also attempted to breach the systems of U.S. allies and the Department of Defense, and was involved in the 2016 hack of the Democratic National Committee’s systems, along with another Russian hacking group.
This is not the first time that Microsoft has been targeted by state-sponsored hackers. Last year, a vulnerability in Microsoft software allowed China-aligned hackers to access the email accounts of senior government officials, including Commerce Secretary Gina Raimondo, ahead of a critical U.S.-China meeting. Sen. Ron Wyden, a Democrat from Oregon, criticized Microsoft for its “negligent cybersecurity practices” that led to the attack.