In a regulatory filing on Friday, Microsoft revealed that a
Russian intelligence group, Nobelium, had successfully breached the email
accounts of some of the software company’s top executives. Nobelium, previously
implicated in the SolarWinds breach in 2020, carried out this recent attack,
which Microsoft detected last week. The disclosure comes in the wake of new
U.S. requirements for reporting cybersecurity incidents. While Microsoft
believes the attack had no substantial impact, it aimed to align with the
spirit of the new rules. The breach involved unauthorized access to a
non-production test tenant account, which was then utilized to access a limited
number of corporate email accounts, including those of senior leadership.
Microsoft emphasized that there are no indications Nobelium accessed customer
data, production systems, or proprietary source code. Both Microsoft and the
U.S. government categorize Nobelium as part of the Russian foreign intelligence
service SVR. Nobelium played a role in the SolarWinds breach, impacting U.S.
government agencies, including Microsoft. Known also as APT29 or Cozy Bear,
Nobelium has a history of sophisticated cyber-attacks targeting U.S. allies and
the Department of Defense. The investigation is ongoing, and Microsoft commits
to taking further actions based on its outcomes, collaborating with law
enforcement and regulators. Currently, the Cybersecurity and Infrastructure
Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have not
responded to CNBC’s requests for comment.
The comment section here is a testament to the thoughtful community you've built.
ReplyDeleteFantastic blog! Well-written article and a pleasure to navigate
ReplyDelete