Russian foreign intelligence hackers gain access to top Microsoft officials, company says | CyberScoop<\/title> <meta name=\"description\" content=\"Microsoft said the SVR attack "was not the result of a vulnerability" in its products or services.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Russian foreign intelligence hackers gain access to top Microsoft officials, company says\"> <meta property=\"og:description\" content=\"Microsoft said the SVR attack "was not the result of a vulnerability" in its products or services.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-01-19T23:30:27+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1260\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1701905043g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1705595524g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1705650854g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/78854\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=78854\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Frussian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Frussian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-78854 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.696741854637\">\n<div class=\"single-article__header-content\" readability=\"29.217391304348\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> Microsoft said the SVR attack “was not the result of a vulnerability” in its products or services. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"420\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says.jpg?resize=640%2C420&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=300,197 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=768,504 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=1024,672 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=1536,1008 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=600,394 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=256,168 256w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=514,337 514w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=1029,675 1029w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-2.jpg?resize=1285,843 1285w\" sizes=\"(max-width: 1029px) 100vw, 1029px\"><figcaption> The corporate logo for Microsoft is displayed on the front of their building on 8th Avenue on December 30, 2023, in New York City. (Photo by Gary Hershorn\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"26.539193302892\"><body readability=\"53.278512396694\"><\/p>\n<p>Hackers working on behalf of Russia\u2019s foreign intelligence service successfully penetrated a limited number of Microsoft corporate email accounts, stealing some emails and attached documents, the company announced Friday. <\/p>\n<p>Microsoft detected the attack from a hacking unit tied to Russia\u2019s External Intelligence Service (SVR) on Jan. 12 \u201cand immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access,\u201d the company said in <a href=\"https:\/\/www.sec.gov\/Archives\/edgar\/data\/789019\/000119312524011295\/d708866dex991.htm\">a Securities and Exchange Commission filing<\/a>.<\/p>\n<p>The attackers used <a href=\"https:\/\/owasp.org\/www-community\/attacks\/Password_Spraying_Attack\">a password spray attack<\/a> \u2014 a process where multiple user names are tried against a constant password for a given account \u2014 to compromise a \u201clegacy, non-production test tenant account and gain a foothold, and then used the account\u2019s permissions to access a very small percentage of Microsoft\u2019s corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.\u201d<\/p>\n<p>The company\u2019s investigation suggests the attackers were \u201cinitially\u201d targeting email accounts for information related to themselves. \u201cThe attack was not the result of a vulnerability in Microsoft products or services,\u201d the company added. \u201cTo date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>This is the second time in the past six months that Microsoft has disclosed an embarrassing attack by state-aligned hackers. In <a href=\"https:\/\/cyberscoop.com\/china-hackers-email-us-government\/\">July, the company announced<\/a> that a Chinese-linked operation had successfully obtained an internal consumer signing key and used that to obtain access to email accounts connected with U.S. government officials.<\/p>\n<p>The SVR hacking unit that attacked Microsoft \u2014 tracked by Microsoft as Midnight Blizzard, but <a href=\"https:\/\/attack.mitre.org\/groups\/G0016\/\">also<\/a> as Nobelium, APT29, or Cozy Bear \u2014 was behind the attack on SolarWinds, first announced in 2020, which gave the hackers access to a variety of U.S. government agencies, along with <a href=\"https:\/\/www.csoonline.com\/article\/570537\/the-solarwinds-hack-timeline-who-knew-what-and-when.html\">hundreds of other victims<\/a>, the <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2021\/04\/15\/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government\/\">White House said<\/a> in April 2021.<\/p>\n<p>The group was also <a href=\"https:\/\/www.wired.com\/story\/dnc-lawsuit-reveals-key-details-2016-hack\/\">involved with the hack of the Democratic National Committee<\/a> leading up to the 2016 U.S. elections, playing a key role in the sweeping Russian election interference operation.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.3115942028986\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Russian foreign intelligence hackers gain access to top Microsoft officials,<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[302,625,1386,270,1387],"tags":[306,630,1388,276,1389],"class_list":["post-2389","post","type-post","status-publish","format-standard","hentry","category-geopolitics","category-microsoft","category-nobelium","category-russia","category-svr","tag-geopolitics","tag-microsoft","tag-nobelium","tag-russia","tag-svr"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nobelium\/\" rel=\"category tag\">Nobelium<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/svr\/\" rel=\"category tag\">SVR<\/a>","tag_info":"SVR","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2389"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2389\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2389,"date":"2024-01-19T23:30:27","date_gmt":"2024-01-19T23:30:27","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78854"},"modified":"2024-01-19T23:30:27","modified_gmt":"2024-01-19T23:30:27","slug":"russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/01\/19\/russian-foreign-intelligence-hackers-gain-access-to-top-microsoft-officials-company-says\/","title":{"rendered":"Russian foreign intelligence hackers gain access to top Microsoft officials, company says"},"content":{"rendered":"