Microsoft Reveals Russian Intelligence Breach of Executive Emails, No Material Impact Expected

Russian Hacking Group Nobelium Accessed Email Accounts of Microsoft Executives, Including Senior Leadership

Microsoft disclosed on Friday that a Russian intelligence group, Nobelium, breached the email accounts of some of the company’s top executives. The same group previously targeted government supplier SolarWinds in 2020. The attack, detected last week, led to unauthorized access to a small percentage of Microsoft’s corporate email accounts, including those of senior leadership, legal, cybersecurity, and other functions.

Microsoft emphasized that it does not believe the attack had a material impact on its operations, and no signs indicate access to customer data, production systems, or proprietary source code. The breach coincided with the implementation of new U.S. regulations requiring companies to disclose cybersecurity incidents promptly.

Nobelium, also known as APT29 or Cozy Bear, is associated with the Russian foreign intelligence service SVR. The group gained infamy for the SolarWinds breach, in which malicious code was added to software updates used by several U.S. government agencies, as well as by Microsoft itself. The recent attack did not compromise customer data, according to Microsoft.

In late November, Nobelium accessed a non-production test tenant account and utilized its permissions to access a limited number of corporate email accounts. Microsoft’s senior leadership team, including CEO Satya Nadella, CFO Amy Hood, and President Brad Smith, were among the affected members.

Microsoft clarified that it had not found evidence of customer data compromise, and the incident did not extend to production systems or proprietary source code. The company is collaborating with law enforcement, regulators, and cybersecurity partners to investigate the breach further.

While the FBI is aware of the incident and working with federal partners, Senator Ron Wyden criticized Microsoft, calling the breach “wholly avoidable” and pointing to the company’s “negligent cybersecurity practices.” Wyden urged a reevaluation of the U.S. government’s reliance on Microsoft, emphasizing the need for multi-factor authentication.

Microsoft stated it would take additional actions based on the investigation’s outcomes and continue cooperating with law enforcement and regulators.

For now, the breach does not seem to have disrupted Microsoft’s core operations, and the company is actively managing the aftermath of the incident.