Microsoft has recently disclosed a significant cyberattack by the group Nobelium, allegedly linked to Russian foreign intelligence services. On January 19th, the American tech giant revealed that Nobelium hackers successfully stole emails and documents from several Microsoft executives during a hacking campaign that began in November 2023.
According to a brief statement from Microsoft, the company discovered on January 12th that state-sponsored actors had accessed the email accounts of some employees. Microsoft managed to block the hackers’ access by January 13th. The exact method used by the hackers to penetrate the system remains unclear. However, Microsoft noted that the attackers initially engaged in “password spraying,” a technique involving the testing of commonly used or previously stolen passwords on a large number of email addresses within Microsoft’s infrastructure. This led to the compromise of an old test account.
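Detection logic for the password-spraying pattern described above, as an added example that is not part of the original article or of Microsoft's statement. It flags a source that fails against many distinct accounts with only a few attempts each, then lists any account that source signed in to successfully in the same window. The log format, thresholds, account names and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0)  # constructed base time for the sample data

def ev(minute, ip, user, ok):
    """Build one constructed sign-in event: (timestamp, source IP, account, success)."""
    return (T0 + timedelta(minutes=minute), ip, user, ok)

# Constructed sample sign-in log (hypothetical accounts, documentation IP ranges).
EVENTS = (
    # One source, one guess per account across many accounts, then a hit.
    [ev(2 * i, "203.0.113.7", u, False)
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [ev(10, "203.0.113.7", "legacy-test", True)]
    # A user mistyping their own password: several failures, one account.
    + [ev(m, "198.51.100.20", "frank", False) for m in range(4)]
    + [ev(5, "198.51.100.20", "frank", True)]
    # Repeated guessing against a single account: noisy, but not a spray.
    + [ev(m, "192.0.2.50", "grace", False) for m in range(10)]
)

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=3):
    """Return {ip: {"targeted": [...], "succeeded": [...]}} for spray-like sources."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        fails = [(ts, u) for ts, u, ok in rows if not ok]
        for i, (start, _) in enumerate(fails):
            # Failures per account inside the window opening at this failure.
            counts = Counter(u for ts, u in fails[i:] if ts - start <= window)
            # Spray signature: wide across accounts, shallow per account.
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                end = start + window
                hits = sorted({u for ts, u, ok in rows
                               if ok and start <= ts <= end})
                findings[ip] = {"targeted": sorted(counts), "succeeded": hits}
                break
    return findings

if __name__ == "__main__":
    for ip, f in detect_spray(EVENTS).items():
        print(ip, "sprayed", len(f["targeted"]), "accounts; signed in to", f["succeeded"])
```

Grouping by source address alone misses a spray spread across many addresses, so a tenant-wide count of accounts with failed sign-ins per window is a useful companion signal.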
The attackers, linked to the infamous SolarWinds hack, reportedly accessed “a very small percentage of Microsoft accounts,” including those of top executives and members of security and legal teams. Nobelium, also known as Midnight Blizzard, is suspected of searching the compromised emails and documents for information about its own activities, to understand what Microsoft knew about the group.
Nobelium is also behind the SolarWinds hack, one of the most significant cyber espionage operations attributed to Russia. In August 2023, Microsoft reported another hacking campaign by Nobelium, in which compromised accounts of some of its clients were used for phishing attacks against other organizations.