Microsoft reported that state-backed Russian hackers successfully infiltrated the company's corporate email system, AP reported. The breach affected accounts of key members of the leadership team, and employees in the cybersecurity and legal departments, it added. The intrusion commenced in late November 2022, with Microsoft detecting it on January 12.
The same highly skilled Russian hacking team responsible for the SolarWinds breach was identified as the threat actor. Microsoft clarified that only a "very small percentage" of its corporate accounts were accessed. Some emails and attached documents were stolen during the breach.
While Microsoft did not immediately disclose which senior leadership members had their email accounts breached, the company stated that it is in the process of notifying affected employees. Microsoft was able to remove the hackers' access from compromised accounts around January 13. The company emphasised ongoing investigations into the incident, indicating that the hackers initially targeted email accounts for information related to their activities.
In compliance with a new United States Securities and Exchange Commission (US SEC) rule, Microsoft filed a regulatory report on January 19. The filing mentioned that, as of the reporting date, the incident has not had a material impact on the company's operations. However, the impact on its finances is yet to be determined.
Read more on livemint.com