Microsoft Targeted By Russian State-Sponsored Threat Group Nobelium In Security Breach

When it comes to security breaches, we traditionally expect the victim to be a company with poor security practices, or one simply struggling to keep up with the never-ending onslaught of online threats. However, the latest breach suffered by Microsoft changes that narrative significantly, indicating that, realistically, anyone could get popped and be none the wiser. Thankfully, Microsoft caught on to the shenanigans of the Russian state-sponsored threat actor group Nobelium before they got away with too much intelligence.

This threat actor group, known as Nobelium among many other names such as Midnight Blizzard, Cozy Bear, and APT29, has ties to Russia’s Foreign Intelligence Service (SVR). The group has also been tied to the SolarWinds supply chain attacks of 2020 and 2021, in which an estimated 18,000 SolarWinds Orion customers had data accessed in some capacity. Since then, the group has continued its nefarious activities, pivoting more toward stealthy intelligence collection and surveillance, specifically targeting government officials and organizations of relevance.


One such organization that fell under the eye of Nobelium is Microsoft, which has done significant research on the group. Nobelium successfully gained access to Microsoft’s data through a password-spraying attack against an account that Microsoft used for testing. This account was then leveraged to access a “very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in cybersecurity, legal, and other functions.” With this access, the threat actors were able to nab some emails and attached documents while on the hunt for information Microsoft held about the group itself.
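The password-spraying pattern described above (few guesses against many accounts from one source, followed by a single success) is what a defender would look for in sign-in logs. The following detector is an added illustration, not Microsoft's code or detection logic; it assumes a constructed CSV-style log format (timestamp, user, source IP, result) and constructed account names and IP addresses.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log lines (assumed format: timestamp,user,source_ip,result).
# One source fails against five accounts in under a minute, then succeeds on a test account.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z,alice@corp.example,203.0.113.7,FAIL
2024-01-12T03:00:04Z,bob@corp.example,203.0.113.7,FAIL
2024-01-12T03:00:09Z,carol@corp.example,203.0.113.7,FAIL
2024-01-12T03:00:15Z,dave@corp.example,203.0.113.7,FAIL
2024-01-12T03:00:21Z,eve@corp.example,203.0.113.7,FAIL
2024-01-12T03:00:27Z,legacy-test@corp.example,203.0.113.7,SUCCESS
2024-01-12T03:05:00Z,alice@corp.example,198.51.100.20,FAIL
2024-01-12T03:05:30Z,alice@corp.example,198.51.100.20,SUCCESS
"""


def parse_events(text):
    """Parse log lines into (timestamp, user, source_ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Flag source IPs that fail against at least min_users distinct accounts
    inside a sliding time window. A spray is 'wide and shallow', so the signal
    is distinct usernames per source, not failures per user (which is what
    lockout policies watch). Any success inside the same window is reported,
    since that is the account the defender must review first."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[2]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()  # chronological; tuples sort by timestamp first
        for i, (t0, _, _, _) in enumerate(evs):
            window_evs = [e for e in evs[i:] if e[0] - t0 <= window]
            failed_users = {e[1] for e in window_evs if e[3] == "FAIL"}
            if len(failed_users) >= min_users:
                alerts[ip] = {
                    "distinct_users_failed": len(failed_users),
                    "successes_after_spray": sorted(
                        {e[1] for e in window_evs if e[3] == "SUCCESS"}),
                }
                break  # one alert per source is enough
    return alerts
```

The second source (198.51.100.20) is a single user retrying a password and is correctly not flagged; a real deployment would feed this from the identity provider's sign-in export and tune `window` and `min_users` to the tenant's baseline.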

With this attack, Microsoft notes that it must make immediate changes to the security of Microsoft-owned legacy systems and internal business processes. This will come no matter the impact, as Microsoft must balance security against the business risks posed by nation-state-backed threat actors. Of course, Microsoft's leaning on the fact that this attack came from a nation-state actor should not distract from the fact that these security steps should probably have happened sooner. Regardless, it also shows that anyone can be breached at any time, given the current state of cybersecurity, and as such, everyone should heed these warnings, learn from the case studies, and remain informed.