Wouldn’t you like to know what the tech giants know about you? That’s exactly what Russian government hackers want.
On Friday, Microsoft revealed that the hacker group it calls Midnight Blizzard, aka APT29 or Cozy Bear — and widely believed to be sponsored by the Russian government — hacked into a number of corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal and other functions.”
Surprisingly, the hackers didn’t look for customer data or the traditional corporate information they might normally be looking for. They wanted to know more about themselves, or more specifically, they wanted to know what Microsoft knew about them, according to the company.
Contact us
Do you have more information about this hack? We would love to hear from you. From a non-work device, Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or email at lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.
“Investigation indicates that email accounts were initially targeted for information related to Midnight Blizzard itself,” the company wrote in a blog post and SEC disclosure.
According to Microsoft, the hackers used a “password spray attack” — essentially brute force — on a legacy account and then used that account’s permissions “to gain access to a very small percentage of Microsoft corporate email accounts.”
Microsoft did not disclose how many email accounts were compromised, or exactly what information the hackers accessed or stole.
Company representatives did not immediately respond to a request for comment.
Microsoft took advantage of the news of this hack to talk about how it will move forward to become more secure.
“For Microsoft, this incident has highlighted the urgency to move even faster. We will act immediately to apply our current security standards to legacy systems and internal business processes owned by Microsoft, even when these changes may cause disruption to existing business processes,” the company wrote. “This will likely cause some level of disruption as we adjust to this new reality, but this is a necessary step, and only the first of many we will take to adopt this philosophy.”
APT29, or Cozy Bear, is widely believed to be a Russian hacking group behind a number of high-profile attacks, such as those against SolarWinds in 2019, the Democratic National Committee in 2015, and many others.