Microsoft Isn't the Only Target of Russian Hackers

More companies are expected to disclose that they were attacked by Russian-backed threat actors who stole executives' emails, according to Microsoft.

The technology giant, which recently announced that it was attacked in late November, warned that it found more victims on Thursday and started informing them. Hewlett Packard Enterprise also disclosed that it was the victim of an attack led by the hacking team tracked as APT29, also known as Midnight Blizzard, according to a regulatory filing.


Both Microsoft and HPE said Russia's foreign intelligence service had been inside the target companies for months; In Microsoft's case, hackers broke into its network by trying the same passwords over and over again in multiple attacks until they got a match.

The U.S. Securities and Exchange Commission last year strengthened rules requiring companies to disclose cybersecurity incidents to shareholders. The SEC's rules took effect last month and helped force recent disclosures from Microsoft and HPE.


More than 10 companies are expected to disclose system breaches, two security experts told the Washington Post. The hacking group that Cozy Bear goes by has been active since at least 2010.

Aside from recent attacks, the group's last major victory came in late 2020 when it broke into software provider SolarWinds. Hackers modified the company's code and opened a backdoor to organizations that downloaded SolarWinds software.