Microsoft, the world’s largest tech company, had been infiltrated by hackers for months. How can this happen to such a large company without anyone noticing? “The larger an organization is, the more digital windows and doors it has.”

The group ‘Midnight Blizzard’ is probably behind the attack. This is a group of hackers that, according to the American and British intelligence services, has ties to the Russian secret service.

Microsoft's statement

About a week ago, Microsoft discovered the hack. In a statement, the company revealed that mainly email addresses and documents of the company’s top management were stolen.

The company indicates that it is busy cleaning up old systems. It has been announced that the hack does not affect consumers.

Digital windows and doors

It is not surprising that this happens at a company as large as Microsoft, says cybersecurity expert Dave Maasland. “What you generally see is that the larger an organization is, the more digital windows and doors it has. And it is incredibly complex to keep them all closed and monitored.”

“And so you also see that even at a company like Microsoft, with all their investment power and options to secure things, things go wrong in the foundation. And you can also read that in their own statement, in which they again indicate: ‘Even we realize again that we have to make even faster progress, because it is simply not good enough yet.’”

Documents about the group

It is likely that the hackers were mainly looking for documents about themselves, says the cybersecurity expert. “To see how much Microsoft actually knows about them.”

The documents captured by the group will therefore likely concern investigations into security incidents and Midnight Blizzard, for example. “And that makes this case quite special,” says Maasland.

Not sabotage, but intelligence gathering

This corresponds to a certain shift in Russia: from sabotage to intelligence gathering, Maasland explains. “If there is one thing we have learned in recent years, it is that cyber is never an end. It is always a means to an end, an end that a country has.”

“And this attack could fit in well with that. To look at Microsoft: what do they actually know about us? What interesting information do they have? How good is our opponent? So this seems to be a classic intelligence operation, but executed in a very modern guise.”

Different mindset

The company will feel this attack not only in the practical costs – such as the time and money it has to put into cleaning up the systems – but also in its image. Maasland: “There are of course supporters and opponents on the internet. People who are very happy that Microsoft is transparent, but also a large group that believes that Microsoft is not transparent enough for such a large software company.”

It is important for companies to keep up with the times, says the expert. “Management will have to adopt a different mindset. That your digital defenses really have to be in order. Because you see: if the most valuable company in the world is actually struggling to keep up with it all, then we will all have to step up.”

Safety for consumers

So far, consumers don’t seem to have been affected. So there is no reason to panic, says Maasland, but he does call for vigilance. “In the end, the attackers, the hackers, were inside for more than 3 months. So the question is of course: what else happened before that or are there still things going on now?”

What can you do to keep your data as safe as possible? “You should do the basic things right. And that means turning on at least two-step verification for every service you use. And if you also keep your systems up to date, then as a consumer you are actually doing more than enough to keep your data safe at least in the basics.”

Dutch security service

Midnight Blizzard has been involved in major hacks before. For example, the group was probably behind the SolarWinds hack in 2020, which hit a company that develops software used by, among others, the US government and its Department of Homeland Security.

The Russian hacker group also became known in our country under the name ‘Cozy Bear’. In 2018, the group attempted to penetrate the headquarters of the American Democratic Party. But they didn’t know that our security service, the AIVD, had been shadowing them all along.

