Microsoft warns of Russian-sponsored group that hacked its executives' emails

= Microsoft Corp. said it has begun warning organizations that they were targets of the same Russian-sponsored group that hacked into its executives' emails late last year. 

The hackers — a group known as Midnight Blizzard or Cozy Bear — has been identified by Microsoft's Threat Intelligence team as the same actor that “has been targeting other organizations,” according to a blog post from the software maker on Thursday. “As part of our usual notification processes, we have begun notifying these targeted organizations.”

The disclosure is the latest sign that the group's recent activities have spread beyond Microsoft. On Wednesday, Hewlett Packard Enterprise Co. reported a breach of its cloud-based email system that it said was likely caused by Midnight Blizzard.

Last week, Microsoft disclosed that the group compromised a “legacy non-production test tenant account” and used it as a foothold to access a “small number” of email accounts, including those of senior leadership and employees who work in cybersecurity and legal. The hackers were initially targeting emails for information about Midnight Blizzard itself, Microsoft said. A later investigation found that the initial email account didn't have multifactor authentication, a common security measure, Microsoft said.

HPE, an information technology provider, said it was notified on Dec. 12 that a nation-state hacking group breached its email systems. Investigators believe the hackers accessed and infiltrated data beginning in May using a small percentage of HPE mailboxes from employees working in cybersecurity and other areas.

The US government has linked the hacking group, also known as Nobelium, to Russia. The same group previously breached SolarWinds Corp. in a massive cyber-espionage campaign against several federal agencies.

More stories like this are available on bloomberg.com

©2024 Bloomberg L.P.