Thelma Osatohanmwen

In a startling revelation, Microsoft has confirmed that state-backed Russian hackers have successfully infiltrated its corporate email system, accessing the accounts of its senior leadership team, including those in cybersecurity and legal departments.

The breach, which began in late November and was discovered on January 12, has been attributed to the same Russian hacking team responsible for the infamous SolarWinds breach.

Microsoft disclosed in a blog post that a “very small percentage” of its corporate accounts were compromised, resulting in the theft of emails and attached documents.

The intrusion was detected on January 12, and Microsoft was able to revoke the hackers’ access to the affected accounts by January 13. The company is currently in the process of notifying employees whose email was accessed.

The breach was executed by gaining access through compromised credentials on a “legacy” test account, which then allowed the hackers to tap into the accounts of Microsoft’s top executives and others.

The technique used, known as “password spraying,” involves attempting to log in to multiple accounts using a common password.
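From the defender's side, password spraying shows up in sign-in logs as one source trying many different accounts a few times each, rather than many guesses against a single account. The sketch below is an added example, not Microsoft's detection logic; the log format, thresholds, account names and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log; the format (time, source, account, result) is assumed.
SAMPLE_LOG = """\
2024-01-10T08:00:01 198.51.100.7 alice FAIL
2024-01-10T08:00:40 198.51.100.7 bob FAIL
2024-01-10T08:01:15 198.51.100.7 carol FAIL
2024-01-10T08:02:02 198.51.100.7 dave FAIL
2024-01-10T08:02:50 198.51.100.7 legacy-test OK
2024-01-10T08:03:00 203.0.113.9 erin FAIL
2024-01-10T08:03:05 203.0.113.9 erin FAIL
2024-01-10T08:03:09 203.0.113.9 erin FAIL
2024-01-10T08:03:30 203.0.113.9 erin OK
"""

def parse(log):
    """Yield (time, source, account, result) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]

def detect_spray(log, window=timedelta(minutes=30), min_accounts=4, max_per_account=2):
    """Return {source: {"targeted": set, "succeeded": set}} for spray-like sources."""
    by_source = defaultdict(list)
    for event in sorted(parse(log)):
        by_source[event[1]].append(event)
    findings = {}
    for source, events in by_source.items():
        start = 0
        for end, (when, _, _, _) in enumerate(events):
            while when - events[start][0] > window:  # slide the window forward
                start += 1
            in_window = events[start:end + 1]
            attempts = Counter(account for _, _, account, _ in in_window)
            # Spray pattern: many distinct accounts, only a few tries against each.
            if len(attempts) >= min_accounts and max(attempts.values()) <= max_per_account:
                hit = findings.setdefault(source, {"targeted": set(), "succeeded": set()})
                hit["targeted"].update(attempts)
                # A success inside the spray window marks an account to investigate.
                hit["succeeded"].update(a for _, _, a, r in in_window if r == "OK")
    return findings

if __name__ == "__main__":
    for source, hit in detect_spray(SAMPLE_LOG).items():
        print(source, "targeted:", sorted(hit["targeted"]), "succeeded:", sorted(hit["succeeded"]))
```

The second source in the sample, which retries one account repeatedly, is deliberately not flagged: that pattern is ordinary brute forcing or a user mistyping, and is better caught by per-account lockout.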

Microsoft emphasized that the attack did not exploit any vulnerabilities in its products or services and assured that there has been no evidence of the hackers accessing customer environments, production systems, source code, or AI systems.

This incident comes amid heightened concerns over Russian cyberattacks, particularly following the SolarWinds hack, which was described by Microsoft as “the most sophisticated nation-state attack in history.”

The SVR, Russia’s foreign intelligence agency, is known for targeting governments, diplomats, think tanks, and IT service providers primarily in the U.S. and Europe for intelligence-gathering purposes.

Microsoft, headquartered in Redmond, Washington, stated in a regulatory filing with the U.S. Securities and Exchange Commission (SEC) that the incident has not had a material impact on its operations so far.

However, the company has not yet determined if the breach could materially affect its financial standing.