Cyber Incident Victim: Microsoft
Date: Jan 2017
Location: United Kingdom
Summary
An international hacking group gained unauthorized access to Microsoft's networks, leading to the arrests of two individuals in the UK. Law enforcement agencies, including regional cyber crime units, the FBI, and EUROPOL, collaborated in the investigation, seizing devices and conducting searches. The company confirmed that customer data was not compromised, though authorities were still assessing the extent of network infiltration during the intrusion period. The suspects faced charges related to computer misuse offenses, with parallel inquiries ongoing in other countries as part of the coordinated effort to dismantle the group's activities.
Description
British authorities arrested two individuals in connection with an unauthorized intrusion into Microsoft's corporate networks between January and March 2017. The South East Regional Organised Crime Unit (SEROCU) detained a 22-year-old Lincolnshire man and a 25-year-old Bracknell man on June 22, 2017, executing residential searches that yielded multiple electronic devices as evidence. Investigators characterized the suspects as members of an international hacking collective, noting parallel law enforcement actions were underway in other nations. The first suspect faced allegations of "gaining unauthorised access to a computer," while the second was arrested under the UK's Computer Misuse Act. Microsoft confirmed through SEROCU that the breach did not compromise customer information, though forensic analysis remained ongoing to determine the exact scope of network access obtained by the attackers. Both suspects remained in custody at the time of the announcement.

The investigation involved coordinated efforts between SEROCU's Cyber Crime Unit, East Midlands Special Operations Unit (EMSOU), the FBI, EUROPOL, and the UK National Crime Agency's National Cyber Crime Unit (NCCU), alongside Microsoft's internal security team. Authorities declined to disclose technical specifics about the intrusion vectors or affected systems, citing the preliminary stage of their inquiry. Detective Sergeant Rob Bryant of SEROCU emphasized the transnational nature of cybercrime investigations, stating agencies would collaborate to "ensure cyber criminals have no place to hide." No further operational details or suspect identities were released as investigators continued analyzing seized devices and network logs. Beyond its initial statement on customer data integrity, relayed through law enforcement channels, Microsoft made no public comment.
