Microsoft Discloses Cyberattack by Russian Intelligence Group Nobelium
ICARO Media Group
In a recent regulatory filing, Microsoft has revealed that it was targeted in a cyberattack by the Russian intelligence group Nobelium. This is the same group responsible for the widespread SolarWinds hack that occurred in 2020. Although the incident did not have a significant impact on Microsoft's operations, the company opted to disclose the event in accordance with new cybersecurity event disclosure rules.
According to Microsoft, Nobelium gained unauthorized access to the email accounts of some of the software giant's top executives. The attack was detected last week, highlighting the persistent threat posed by the Russian group. This is not the first time that Russian hackers have infiltrated Microsoft's systems, and state-sponsored attacks have become an increasing concern during periods of armed conflict.
The disclosure comes amid escalating tensions between Russia and Ukraine. Microsoft's announcement coincided with the implementation of new U.S. requirements for cybersecurity incident reporting. Despite believing that the attack did not adversely affect its operations, Microsoft still honored the rules and opted for full transparency.
The attack began with access to a "legacy non-production test tenant account," according to Microsoft's Security Response Center. From there, the group used the account's permissions to gain access to a limited number of Microsoft corporate email accounts, including those belonging to senior leadership, cybersecurity personnel, legal teams, and other functions. The hackers were able to extract some emails and attached documents.
Notably, Microsoft clarified that there is no evidence to suggest that Nobelium accessed customer data, production systems, or proprietary source code. The U.S. government, alongside Microsoft, considers Nobelium to be part of the Russian foreign intelligence service SVR. The group's previous breach of SolarWinds' Orion software, which affected several U.S. government agencies, cemented its status as a highly capable hacking group.
Nobelium, also known as APT29 or Cozy Bear, has a history of targeting U.S. allies and the Department of Defense. Microsoft has assigned the name "Midnight Blizzard" to the group as an identifier. The hacking group was also linked to the 2016 breach of the Democratic National Committee's systems.
Last year, Microsoft faced criticism when a vulnerability in its software allowed China-aligned hackers to access the email accounts of senior government officials, including Commerce Secretary Gina Raimondo. The incident raised concerns about the company's cybersecurity practices.
Microsoft is currently investigating the recent cyberattack and is committed to taking additional measures based on the investigation's findings. The company will continue collaborating with law enforcement agencies and regulatory authorities to address the issue. At the time of writing, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have not provided any official comments on the matter.