Microsoft disclosed a document in compliance with regulatory requirements on Friday local time (all times below are local). The filing states that Microsoft executives and some team members were attacked by the Russian hacker group APT29. Microsoft began investigating and deploying defensive measures immediately after discovering the malicious activity on January 12, 2024.

APT29 is the code name the industry has given this Russian hacker group. Other code names include Midnight Blizzard, Nobelium, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.

Why call this a baffling move? Because the purpose of the hackers' attack was to find out how much Microsoft knew about the group itself, which feels like overkill.

The Microsoft security team continuously tracks various threats on the Internet, including APT29. Based on the clues it has, Microsoft clearly knows that this group comes from Russia, but Microsoft will of course not disclose every detail it knows, so APT29 went to great lengths to launch an attack just to learn how much Microsoft knows about it.

So did APT29 succeed? In some respects it should be counted a success, as the group managed to gain access to the mailboxes of a number of employees in cybersecurity, legal and other functions, including some in Microsoft management.

Microsoft said that, based on preliminary investigation, the group is believed to have begun preparations in late November 2023. The hackers used password spray attacks to gain access to some internal Microsoft accounts.

Password spraying (also called a password spray attack) should be regarded as a subcategory of brute-force attacks. The idea is to avoid the account lockouts that brute force triggers: the attacker prepares a batch of commonly used weak passwords or known passwords, picks one, and tries it against a large number of accounts in bulk. If an account happens to log in successfully, that account is removed from the list, and the attacker switches to the next password and continues "spraying" the remaining accounts, rather than trying a large number of passwords against a single account, since an account may be locked after only a few failed logins.
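One defender-side check for the pattern described above, added here as an example and not part of the original article: it reads constructed sign-in log lines and flags a source whose failed logins spread across many accounts while each account stays under the lockout threshold, the "wide and shallow" signature of a spray, and lists any account that then logged in successfully from the same source. The log format, thresholds and IP addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log lines (not real data). The first source tries
# each account once (the wide, shallow shape of a spray) and then succeeds on one;
# the second hammers a single account, which is ordinary brute force.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-01-12T03:00:04Z src=203.0.113.5 user=bob result=FAIL
2024-01-12T03:00:09Z src=203.0.113.5 user=carol result=FAIL
2024-01-12T03:00:15Z src=203.0.113.5 user=dave result=FAIL
2024-01-12T03:00:21Z src=203.0.113.5 user=erin result=SUCCESS
2024-01-12T03:05:00Z src=198.51.100.7 user=frank result=FAIL
2024-01-12T03:05:02Z src=198.51.100.7 user=frank result=FAIL
2024-01-12T03:05:04Z src=198.51.100.7 user=frank result=FAIL
2024-01-12T03:05:06Z src=198.51.100.7 user=frank result=FAIL
2024-01-12T03:05:08Z src=198.51.100.7 user=frank result=FAIL
"""

def parse_line(line):
    """Parse one '<timestamp> key=value ...' line into a dict (assumed format)."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def detect_spray(log_text, window=timedelta(minutes=10),
                 min_accounts=4, max_per_account=3):
    """Flag sources whose failures span many accounts while each account stays
    below the lockout threshold. Returns {src: {"sprayed": [...], "logged_in": [...]}}."""
    by_src = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        by_src[rec["src"]].append(rec)
    flagged = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):          # sliding window from each event
            fails, wins = defaultdict(int), set()
            for r in recs[i:]:
                if r["ts"] - start["ts"] > window:
                    break
                if r["result"] == "FAIL":
                    fails[r["user"]] += 1
                else:
                    wins.add(r["user"])
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                flagged[src] = {"sprayed": sorted(fails), "logged_in": sorted(wins)}
                break
    return flagged
```

The single-account brute force from the second source is deliberately not flagged, since it is what conventional lockout policy already catches; the spray is what the lockout policy misses.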

Microsoft said that APT29's main goal was to obtain information related to the group itself, that is, to learn how much Microsoft knows about it. It is assumed the group wants this kind of intelligence for targeted evasion.

Microsoft also emphasized that the attack was not the result of a vulnerability in any of its products, and that there is no evidence the hackers accessed customer environments, customer data, production systems, source code systems, or artificial intelligence systems.