A band of hackers claiming to be working in support of the embattled government of Syrian President Bashar al-Assad attacked and gained access to corporate email accounts belonging to employees of software giant Microsoft.
The attack comes days after the same group, the Syrian Electronic Army, claimed responsibility for a series of attacks against a Microsoft blog and the company’s Twitter account.
Microsoft confirmed the breach in a statement: “A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted. These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry-wide issue.”
As with prior security incidents attributed to the SEA, the attack was carried out via phishing, a technique where a legitimate-seeming email attachment containing malware is sent to an employee of a targeted company or organization. Opening the attachment executes the malware, which gives an attacker remote access to a system or compromises an account.
In claiming responsibility, the group posted to Twitter a partial screenshot of the contents of at least one internal email between Microsoft employees.
The Syrian Electronic Army claimed credit for a series of attacks against Microsoft sites and one of its Twitter accounts four days ago. Today it said its attacks against the company are ongoing.
— SyrianElectronicArmy (@Official_SEA16) January 15, 2014
The group’s aim is usually to spread propaganda that favors the Assad regime and that seeks to discredit Syrian rebels who have been fighting a bloody, nearly-three-year civil war to topple the government.