Microsoft said it detected an attack on January 12 and is still working to notify employees whose emails were hacked.
A group of Russian-linked hackers attacked Microsoft’s corporate systems, gaining access to “a small number of email accounts,” including those of executives and employees working in the cybersecurity and legal sectors.
The company has not yet detected any access by the group, called Midnight Blizzard, to its source code or artificial intelligence systems. The American technology giant announced this, making it known that it had immediately started working to repair the older systems, which could lead to some interruptions in service.
Related: How to Disable Integrated Graphics
Action Taken
“We will take immediate action to apply our security standards to internal systems and business processes owned by Microsoft.
These changes may cause disruptions to existing business processes,” Microsoft said. The hackers do not appear to have gained access to customer systems or Microsoft servers running externally facing functions, the company added in a blog post.
The company said that hackers have been carrying out a “password spray” attack to infiltrate systems since November 2023.
Related: How To Install Windows 11 Update On PC
This technique, sometimes known as a “brute force attack,” involves strangers quickly trying multiple passwords on specific usernames to try to break into targeted business accounts. Microsoft said it detected the attack on January 12 and was still working to notify employees whose emails were hacked.
Microsoft’s announcement comes a month after the U.S. Securities and Exchange Commission took effect on a new rule requiring publicly traded companies to disclose violations that could negatively impact their business. Companies have four days to do so unless they obtain an exemption for national security reasons.
In January 19, 2024 filing, Microsoft said that “as of the date of this document, the incident has not had a material impact” on its business. However, it added that it has not “determined whether the incident is reasonably likely to have a material impact” on its finances.
More Topics:
