Microsoft Executives Hacked

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated …

access account actor agency attack compromise disclosure email executives hacked hacking intelligence intelligence agency legacy microsoft non november november 2023 password password spray permissions production reporting responsible russia russian solarwinds spray system test the company threat threat actor