Satya Nadella, CEO of Microsoft
CNBC
Microsoft said in a Friday regulatory filing that a Russian hacking group accessed some of the software maker’s top executives’ email accounts. The company said a group called Nobelium carried out the attack, which it detected last week.
The announcement comes after new U.S. requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company does not believe the attack had a material impact, it still wanted to provide details publicly.
In late November, the group accessed “a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” Microsoft’s Security Response Center wrote in the blog post.
The company’s senior leadership team, including finance chief Amy Hood and president Brad Smith, regularly meets with CEO Satya Nadella.
The Cybersecurity and Infrastructure Security Agency did not immediately respond to a request for comment.
Microsoft and the U.S. government consider Nobelium to be a part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in U.S. history, when it breached government supplier SolarWinds in 2020.
Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that has attempted to breach the systems of U.S. allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to identify Nobelium.
It was also implicated alongside another Russian hacking group in the 2016 breach of the Democratic National Committee’s systems.
This is breaking news. Please check back for updates.