Microsoft has confirmed a recent cybersecurity breach involving a Russian hacking group gaining access to emails and documents of a select group of the company’s employees, including senior executives. Detected last week by Microsoft, the breach began in November, marking another significant security incident for the world’s leading security software seller.
This hacking group, suspected of orchestrating the 2020 Solarwinds hacks of federal agencies, employed a “password spray” attack, effectively guessing the passwords of Microsoft employees. The breach affected a very small percentage of Microsoft’s corporate email accounts, encompassing members of the senior leadership team and employees within cybersecurity, legal, and other departments.
Microsoft is currently responding to the hack and assessing its full impact. This incident underscores the ongoing cybersecurity challenges faced by global corporations, especially those at the forefront of technology and security software development.