State-backed Russian Hackers Breach Microsoft's Email System, Accessing Accounts of Company Leadership
ICARO Media Group
In a concerning development, state-backed Russian hackers have successfully infiltrated Microsoft's corporate email system, gaining access to accounts belonging to members of the company's leadership team, cybersecurity experts, and legal staff. Microsoft revealed this breach in a recent blog post, stating that the intrusion began in late November, but was only discovered on January 12. These same highly skilled Russian hackers were also responsible for the SolarWinds breach.
According to Microsoft, only a small percentage of corporate accounts were compromised, resulting in the theft of some emails and attached documents. The company has not disclosed the exact number or identities of the affected senior leadership members. However, in a regulatory filing, Microsoft confirmed that it had removed the hackers' access from the compromised accounts on or around January 13.
The ongoing investigation indicates that the hackers initially targeted email accounts in an attempt to gather information about Microsoft's own activities. The incident came to light after the implementation of a new U.S. Securities and Exchange Commission rule requiring publicly traded companies to disclose, within a four-day window, breaches that could negatively impact their business.
Microsoft stated in the filing that, as of now, the breach has not had a material impact on its operations; however, the financial implications are yet to be determined. The company clarified that the attack was not a result of any vulnerabilities in its products or services. Furthermore, there is currently no evidence to suggest that the threat actors had access to customer environments, production systems, source code, or AI systems.
The hackers from Russia's SVR foreign intelligence agency gained access to the email system by compromising the credentials of a "legacy" test account, indicating that outdated code may have been exploited. Using a brute-force technique known as "password spraying," they compromised that account and then used its permissions to infiltrate the accounts of the senior leadership team and others.
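Password spraying leaves a characteristic trace that defenders can look for: a single source tries one or two guesses against many different accounts, so failure counts per account stay low while the number of distinct accounts touched from that source climbs. The following detector is an added example written for this article, not code from Microsoft or from the article's author; the sign-in log format, the sample events, and the thresholds (ten-minute window, five distinct accounts, at most two failures per account) are all constructed assumptions for illustration.

```python
"""Password-spray detection over constructed sign-in log lines.

Assumed log format (constructed for this example, not any vendor's schema):
    <ISO-8601 timestamp> <user> <source_ip> <SUCCESS|FAILURE>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: one source spraying a single guess across
# many accounts (one failure each) and finally landing on an unprotected test
# account, plus ordinary retry noise from a second source (one user, few tries).
SAMPLE_LOG = """\
2024-01-10T02:00:01Z alice 203.0.113.7 FAILURE
2024-01-10T02:00:04Z bob 203.0.113.7 FAILURE
2024-01-10T02:00:07Z carol 203.0.113.7 FAILURE
2024-01-10T02:00:10Z dave 203.0.113.7 FAILURE
2024-01-10T02:00:13Z erin 203.0.113.7 FAILURE
2024-01-10T02:00:16Z legacy-test 203.0.113.7 SUCCESS
2024-01-10T02:05:00Z alice 198.51.100.9 FAILURE
2024-01-10T02:05:20Z alice 198.51.100.9 FAILURE
2024-01-10T02:05:40Z alice 198.51.100.9 SUCCESS
"""


def parse_events(text):
    """Parse the constructed log format into (timestamp, user, source_ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources whose failures inside one window span many accounts with few tries each.

    Returns a list of alerts, one per offending source IP, each recording how many
    distinct accounts were hit and which accounts that source then signed into
    successfully (the sign that a sprayed guess actually worked).
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):            # sort by timestamp, then group per source
        by_ip[ev[2]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e[3] == "FAILURE"]
        # Slide a window anchored at each failure; the first window that meets
        # the spray profile raises one alert for this source.
        for i, start in enumerate(failures):
            in_win = [e for e in failures[i:] if e[0] - start[0] <= window]
            per_user = defaultdict(int)
            for e in in_win:
                per_user[e[1]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                end = in_win[-1][0]
                successes = sorted({
                    e[1] for e in evs
                    if e[3] == "SUCCESS" and start[0] <= e[0] <= end + window
                })
                alerts.append({
                    "source_ip": ip,
                    "distinct_users": len(per_user),
                    "successes": successes,
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(parse_events(SAMPLE_LOG)):
        print(f"spray from {alert['source_ip']}: {alert['distinct_users']} accounts tried, "
              f"successful sign-ins afterwards: {alert['successes'] or 'none'}")
```

On the sample data the detector raises one alert for 203.0.113.7 (five accounts, one failure each, followed by a successful sign-in to `legacy-test`) and stays silent for 198.51.100.9, where a single user simply mistyped a password twice. The "successes" field is the part worth paging on: a spray that ends in a success against an account with no multi-factor protection, such as a forgotten test account, is exactly the foothold the article describes. Per-account lockout thresholds will not catch this pattern, which is why the grouping key here is the source rather than the account.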
Microsoft had previously warned about this hacking group, dubbed "Midnight Blizzard" or "Nobelium," in an August blog post. The threat-intelligence team at Microsoft had discovered that the same group had used the technique to attempt to steal credentials from multiple global organizations through Microsoft Teams chats.
The breach serves as a reminder of the severity of the SolarWinds hacking campaign, which Microsoft referred to as "the most sophisticated nation-state attack in history." The campaign compromised several U.S. government agencies, private companies, and think tanks. Microsoft continues to work on fortifying its cyber defenses and will notify customers if any necessary actions are required.
The SVR, focusing primarily on intelligence-gathering, typically targets governments, diplomats, think tanks, and IT service providers in the United States and Europe. As investigations unfold, the extent of the damage caused by the state-backed Russian hackers will become clearer, shedding light on the potential risks faced by targeted organizations and their stakeholders.