Nobelium, the Russian intelligence group responsible for the SolarWinds breach in 2020, accessed a test account and a 'very small percentage' of corporate emails at Microsoft, including those of legal, cybersecurity, and leadership personnel. Microsoft clarified in a regulatory filing on Friday that no customer data or source code was compromised during the attack.
In late November, the group targeted a 'legacy non-production test tenant account,' as disclosed by Microsoft’s Security Response Center in a blog post. Last year, China-linked hackers exploited a Microsoft software flaw to access US government email accounts. Senator Wyden criticized Microsoft's security practices then.
The breach extended to some of Microsoft's top executives' email accounts. Although Microsoft does not believe the attack had a material effect, the company aims to adhere to regulatory reporting requirements. The Cybersecurity and Infrastructure Security Agency (CISA) is closely working with Microsoft to gain additional insights into the incident and assess its impacts to safeguard other potential victims, according to Eric Goldstein, CISA's executive assistant director for cybersecurity, in a statement to CNBC.