Hackers have stolen documents relating to law enforcement inquiries through phishing attacks on employee emails, Microsoft has announced.
On Friday, a blog post by Adrienne Hall, general manager in Microsoft’s Trustworthy Computing Group said that “Recently, a select number of Microsoft employees’ social media and email accounts were subjected to targeted phishing attacks”.
The blog post continues: “It appears that documents associated with law enforcement inquiries were stolen”.
Microsoft has released a transparency report every six months since March 2013, detailing the number of requests for data that the company receives from law enforcement agencies around the world.
It appears that they are the only documents stolen, although the company has said that “if we find that customer information relating to those requests has been compromised, we will take appropriate action”. PC World points out that Microsoft has not commented on the validity of the documents stolen, adding that some of the requests received by law enforcement agencies are subject to ‘gag orders’ which forbid Microsoft from revealing their existence.
Microsoft has previously been targeted by the Syrian Electronic Army (SEA), a group of hackers that supports Bashar al-Assad’s regime. The SEA has also attacked Skype and Microsoft Office blogs this month, according to PC Advisor.
Speaking to SecurityWeek, Adrienne Hall confirmed that Microsoft believes the SEA is to blame, saying: “Our current information suggests the phishing attacks are related.”
The Syrian Electonic Army has been responsible for dozens of hacks over the past year, and is known for targeting social media accounts and blog platforms. Last week it hacked CNN’s Twitter and Facebook accounts, using the access to post tweets denouncing CCN’s reporting as lies.
On its own Twitter account, the SEA acknowledged that it was behind the attacks, and claimed that the documents stolen were not limited to law enforcement inquiries. It went on to say that it plans to publish the documents on “a media site” that they refused to name.
Author Staff Writer, ESET