knows

Hackers breached Microsoft to find out what Microsoft knows about themOn Friday, Microsoft disclosed that the hacking group it calls Midnight Blizzard, also known as APT29 — and widely believed to be sponsored by the Russian government — hacked some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.”Curiously, the hackers didn’t go after customer data or the traditional corporate information they may have normally gone after. They wanted to know more about themselves, or more specifically, they wanted to know what Microsoft knows about them, according to the company. “The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” the company wrote in a blog post and SEC disclosure. According to Microsoft, the hackers used a “password spray attack” — essentially brute forcing — against a legacy account, then used that account’s permissions to “to access a very small percentage of Microsoft corporate email accounts.”Microsoft did not disclose how many email accounts were breached, nor exactly what information the hackers accessed or stole. Microsoft took advantage of news of this hack to talk about how they are going to move forward to make itself more secure.