In January 2024, Microsoft issued an alert stating that a hacker group believed to be sponsored by the Russian state managed to access the email accounts of its top executives. This week, the US government revealed that some of the emails between government agencies and Microsoft were taken by the group as part of this attack.
CNN reports that the US Cybersecurity and Infrastructure Security Agency (CISA) revealed that the unnamed US government agencies have been alerted that these emails were accessed by the Russian hacker group. Those agencies have also been asked to boost their own online security, in the event the hackers try to use information from these emails to log into government systems. CISA has labeled this possible threat as an "unacceptable risk to agencies."
So far, there is no evidence that the US government agencies involved have seen any attempts from this hacker group to break into their systems. However, this is the same Russia-backed group that was allegedly responsible for the massive SolarWinds attack in 2020. In that specific incident, the group got access for months to various email accounts from the US Department of Homeland Security and the Department of Justice, among other agencies, before their operation was discovered.
Back in January as part of its original alert, Microsoft stated that it found that in November 2023, the hacker group known by the names Nobelium and Midnight Blizzard executed a "password spray attack to compromise a legacy non-production test tenant account." That allowed the group to access the email accounts of its executives.
In a follow-up post in March, Microsoft said the hacker group had used the information it obtained in the earlier attack to attempt to gain "access to some of the company's source code repositories and internal systems." It added that the group continued to use its password spray attack on Microsoft's systems.