Pierluigi Paganini August 09, 2024

Earlier this year, Russian cyber spies breached UK government systems and stole sensitive data and emails, reported The Record media.

Earlier this year, Russia’s foreign intelligence service stole internal emails and data on individuals from the UK government. The news was first reported by Recorded Future News, which obtained an official description of the incident report.

The description of the report was obtained under the Freedom of Information Act, it revealed that the incident follows an attack carried out by a nation-state actor on a supplier of the department’s corporate systems, and linked the security breach to Microsoft’s January announcement.

In January, Microsoft warned that some of its corporate email accounts were compromised by a Russia-linked cyberespionage group known as Midnight Blizzard. The company notified law enforcement and relevant regulatory authorities.

Microsoft also announced that the Russia-linked APT Midnight Blizzard that hit the company in late November 2023 has been targeting organizations worldwide as part of a large-scale cyberespionage campaign.

The Record Media speculate that Microsoft’s government customers may have discovered that they were impacted by the breach months after the IT giant discovered the attack.

“Just the day after the data breach report was filed with Britain’s data protection regulator, the U.K. and allies issued a joint statement condemning malicious cyber activity by the Russian intelligence services — although this specifically focused on the activity of a different Russian agency, the GRU, which was blamed for attacks on the German Social Democratic Party.” reported The Record Media.

Microsoft stated that there is no evidence that any customer-facing systems hosted by Microsoft were compromised as a result of the attack disclosed in January.

“We have found no evidence that any Microsoft-hosted customer-facing systems have been compromised as a result of the attack against Microsoft that we shared in January. As we shared at the time, the threat actor accessed a very small percentage of Microsoft corporate email accounts.” a spokesperson for Microsoft told The Record. “We provided notifications to customers who corresponded with the impacted Microsoft corporate email accounts.”

A government spokesperson confirmed that there is no evidence of compromised operational data from the Home Office.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, UK government)