Microsoft said in a Friday regulatory filing that a Russian intelligence group accessed some of the software maker’s top executives’ email accounts. Nobelium, the same group that breached government supplier SolarWinds in 2020, carried out the attack, which Microsoft detected last week, according to the company.

It isn’t the first time Russian hackers have gained entry into Microsoft’s systems. State-sponsored attacks that can result in the dissemination of sensitive data becomes a greater risk during periods of armed conflict, and Russia’s war against Ukraine has been going on for almost two years now. On Thursday, Russia said Ukrainian forces conducted drone strikes in multiple Russian locations.

Microsoft’s announcement comes after new U.S. requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company does not believe the attack had a material effect, it still wanted to honor the spirit of the rules.

The Cybersecurity and Infrastructure Security Agency is “closely coordinating with Microsoft to gain additional insights into this incident and understand impacts so we can help protect other potential victims,” CISA executive assistant director for cybersecurity Eric Goldstein said in a statement to CNBC. “As noted in Microsoft’s announcement, at this time we are not aware of impacts to Microsoft customer environments or products.” 

In late November, the group accessed “a legacy non-production test tenant account,” Microsoft’s Security Response Center wrote in the blog post. After gaining access, the group “then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the corporate unit wrote.

The company’s senior leadership team, including Chief Financial Offer Amy Hood and President Brad Smith, regularly meets with CEO Satya Nadella.

Microsoft said it has not found signs that Nobelium had accessed customer data, production systems or proprietary source code.

The U.S. government and Microsoft consider Nobelium to be part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in U.S. history when it added malicious code to updates to SolarWinds’ Orion software, which some U.S. government agencies were using. Microsoft itself was ensnared in the hack.

Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that has attempted to breach the systems of U.S. allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to identify Nobelium.

It was also implicated alongside another Russian hacking group in the 2016 breach of the Democratic National Committee’s systems.

Last year, a vulnerability in Microsoft software allowed China-aligned hackers to access the email accounts of senior government officials, including Commerce Secretary Gina Raimondo, ahead of a critical U.S.-China meeting. The company’s “negligent cybersecurity practices” led to the attack, Sen. Ron Wyden, a Democrat from Oregon, wrote in a letter to CISA director Jen Easterly, and other federal officials.

“We are continuing our investigation and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators,” the Microsoft blog post said.

The Federal Bureau of Investigation told CNBC that it knows about the attack and is working with federal partners to help.

Don’t miss these stories from CNBC PRO:

China-linked hackers breached the email account of U.S. Ambassador to China Nicholas Burns, as part of a recent targeted intelligence-gathering campaign, NBC News has confirmed.

The hackers also accessed the email account of Daniel Kritenbrink, the assistant Secretary of State for East Asia, who recently travelled with Secretary of State Antony Blinken to China, said NBC, citing two U.S. officials familiar with the matter. 

CNBC reached out to China’s Foreign Ministry for comment but has yet to hear back.

The beach was limited to the diplomats’ unclassified email accounts, NBC said adding that Secretary of Commerce Gina Raimondo’s email account was also accessed in the breach, as previously reported.

The news, first reported by the Wall Street Journal, further fuels the fallout for the U.S. of the alleged Chinese hack first revealed last week. 

Late Tuesday, Microsoft announced it had discovered that China-based hackers breached email accounts of about 25 organizations, including some U.S. government agencies, in a significant breach.

The compromise was “mitigated” by Microsoft cybersecurity teams after it was first reported to the company in mid-June 2023, Microsoft said in two blog posts about the incidents. The hackers had been inside government systems since at least May, the company said.

Blinken said he raised the issue of the Chinese hacking when he met China’s top diplomat Wang Yi in Jakarta last week, on the sidelines of the Association of Southeast Asian Nations regional meeting.

The U.S. Secretary noted he made clear to Wang that Washington will ensure the hackers are held responsible for alleged breaches of U.S. government agencies.

“First of all, this is something that the State Department actually detected last month, and we took immediate steps to protect our systems, to report the incident – in this case, notifying a company, Microsoft, of the event,” Blinken said at a press briefing.

“I can’t discuss details of our response beyond that, and most critically this incident remains under investigation,” he added.

Still, Blinken said that as a general matter, “we have consistently made clear to China as well as to other countries that any action that targets the U.S. Government or U.S. companies, American citizens, is of deep concern to us, and we will take appropriate action in response.”

The secretary’s latest meeting with Wang came less than a month after Blinken made a rare trip to Beijing under the Biden administration.

The visit was aimed at soothing ties between the world’s two largest economies amid escalating tensions.

Security experts have argued the incidents demonstrate an acceleration in Beijing’s digital spying capabilities.

“Chinese cyber espionage operators’ tactics had steadily evolved to become more agile, stealthier, and complex to attribute” over the last decade, researchers at cybersecurity firm Mandiant wrote in a blog post Tuesday.

— CNBC’s Rohan Goswami contributed to this report.

The U.S. has accused discount shopping site Temu of possible data risks after its Chinese sister app was pulled from Google’s app store over “malware” — but analysts say they’re not that worried.

Compared to Pinduoduo, which was suspended by Google in March after versions offered outside Google’s Play store were found to contain malware, Temu is “not as aggressive,” one analyst said.

The malware in Pinduoduo was found to leverage specific vulnerabilities for Android phones, allowing the app to bypass user security permissions, access private messages, modify settings, view data from other apps and prevent uninstallation.

Google called it an “identified malicious app” and urged users to uninstall the Pinduoduo app, but the Chinese online retailer denied those claims.

According to analysis by Kevin Reed, chief information security officer at cybersecurity firm Acronis, Pinduoduo requests for as many as 83 permissions — including access to biometrics, Bluetooth and information about Wi-Fi networks.

“Some of these permissions Pinduoduo is asking seems to be unexpected for an e-commerce app,” said Reed, who shared his analysis of both apps with CNBC.

“But Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Reed.

Pinduoduo is a China-based e-commerce app that sells everything from groceries to clothing. It is the flagship product of Nasdaq-listed Chinese company PDD Holdings which also owns Temu. Temu’s headquarters are located in Boston.

“There should be no need for biometric data to be stored on an e-commerce website or app. I personally wouldn’t want my biometric data to be stored anywhere else other than my device,” said Sean Duca, vice president and regional chief security officer for Asia Pacific and Japan at cybersecurity firm Palo Alto Networks.

“Biometrics have a lot greater value than anything else, because I can’t simply change my fingerprint at all, unlike passwords,” said Duca.

He also questioned why access to Wi-Fi information was necessary. If it is corporate Wi-Fi that the user is connected to, it will “become a very lucrative target for cyber criminals where they start to actually gain access to this information,” cautioned Duca. “But why does an e-commerce provider actually need that?”

Temu, dubbed a copycat of fast-fashion label Shein, is taking the U.S. market by storm.

Just 17 days after its launch in September, the app surpassed Instagram, WhatsApp, Snapchat and Shein on the Apple App Store in the U.S., according to Apptopia data shared with CNBC. It launched in the U.K. in March, just weeks after entering Australia and New Zealand.

The fact that Pinduoduo “has requested even more permissions than Temu app even though they seem to be a similar kind of applications seems over-intrusive to me,” said Reed.

“Pinduoduo is much more aggressive in collecting users’ information,” said Reed who claimed the data was “obviously [transferred] back to the company.”

PDD Holdings did not respond to CNBC’s request for comment regarding those permissions.

In comparison, the Temu app requests for 24 permissions, said Reed. Some of these permissions include access to Bluetooth and information about Wi-Fi networks.

“There have been no reports of the malicious functionality present in official Play, App Store or third-party versions of Temu. The keys used to sign the Pinduoduo malware are not the same keys used to sign the Temu app,” said Daniel Thanos, vice president and head of Arctic Wolf Labs, the threat intelligence arm of cybersecurity firm Arctic Wolf.

“Based on our analysis, it appears that this malware is targeting Chinese users primarily, as it appears to target devices usually sold and used in China such as Xiaomi, Vivo, Oppo, Samsung, etc, and their corresponding applications,” said Thanos. PDD Holdings did not immediately respond to CNBC’s request for comment.

In a report on Chinese “fast fashion” platforms published in April, the U.S.-China Economic and Security Review Commission accused Temu and Shein of posing possible data risks.

Shein and Temu “primarily rely on U.S. consumers downloading and using Chinese apps to curate and deliver products,” said the report.

“These firms’ commercial success has encouraged both established Chinese e-commerce platforms and startups to copy its model, posing risks and challenges to U.S. regulations, laws, and principles of market access,” it said.

Chinese-owned apps face intense scrutiny in the U.S. over security concerns. U.S. lawmakers have cautioned that any Chinese-owned apps could be vulnerable to data privacy breaches or interference from the Chinese government.

While politicians often accuse Chinese companies of handing data over to the Chinese government, there is no evidence to support such claims.

“But there’s also a larger play here, which is many other apps that are not talked about are also collecting information and have been doing so for such a very long time,” said Duca, noting it is more of a systemic problem.

One analyst said she was less worried about shopping apps than social media platforms such as TikTok and its sister app Lemon8.

“From a national security standpoint, in addition to creating user profiles with all these data, social media platforms also have the ability to select, promote and demote content based on opaque metrics that ultimately, we don’t really have an insight into,” said Lindsay Gorman, senior fellow for emerging tech at the German Marshall Fund.

For shopping apps, the “real sort of content influence” may be Chinese companies promoting their products which “feels less of a threat to democracy,” said Gorman. Instead, social media apps could promote content about political topics which are much harder to track, she said.

TikTok faces a possible ban in the U.S. after its CEO Shou Zi Chew’s testimony before Congress, which failed to quell lawmakers’ concerns about the app’s ties to China or the adequacy of Project Texas, its plan to store U.S. data on American soil.

“ByteDance is not owned or controlled by the Chinese government. It’s a private company,” Chew said during the hearing.

In his first public interview since the congressional hearing, Chew said at the TED2023 conference last week: “We are building all the tools to prevent any of [Chinese government interference in U.S. elections] from happening.”

He said he was “very confident” the risk can be reduced to as close as zero with the company being “very, very far along” with Project Texas.

Another analyst, Glenn Gerstell, senior advisor at Center for Strategic and International Studies, said these apps are “ultimately controlled by Chinese parties and that’s what the American political system is going to be focused on.” Geopolitical tensions with China will continue to put Chinese apps under scrutiny.

“It may be that if we got more sophisticated, we’d be able to distinguish one app from another and create a safer, more limited and controlled space. But right now, we don’t have that system in place,” said Gerstell.

China wants foreign investment, but it wants them on its own terms.

However, Beijing’s terms aren’t clear for now — and it’s raised concerns and triggered second guessing in the global business community.

Last Monday, state broadcaster CCTV singled out a consulting company for not complying with China’s national security laws.

Shanghai-based Capvision Partners was just the latest company recently subjected to such investigations in the mainland. In March, U.S. due diligence firm Mintz told Reuters police raided its Beijing office, and detained some of its Chinese staff. In April, U.S. management consultancy Bain & Co reportedly confirmed police visited its Shanghai office.

These firms provide due diligence services, which companies and investors routinely employ to determine whether suppliers are complying with rules and regulations – not just in China, but in other jurisdictions as well. They also audit supply chains, among many other services.

At a time when China is actively encouraging foreign investment into the world’s second-largest economy that has been deeply hurt by the country’s long-held zero-Covid policy, such an escalation in China’s concerns about data is hurting sentiment and seems at odds with its overt claims of openness.

“It may seem a paradox,” said Chong Ja Ian, an associate professor at the National University of Singapore who studies Chinese foreign policy. “But this is consistent with what we have seen of the current China leadership: they want more control over all facets of society.”

“This is a government that built its legitimacy on performance, so they would be anxious to maintain a perception of control when the country is facing more pressures from different directions now,” he told CNBC.

“This is a government that built its legitimacy on performance, so they would be anxious to maintain a perception of control when the country is facing more pressures from different directions now, including demands for more access to information,” Chong added.

At a regular press conference helmed by China’s Foreign Ministry a week ago, Beijing appeared keen to downplay the Capvision probe as an isolated incident.

“These are normal law enforcement actions consistent with Chinese laws that aim to promote sound and well-regulated growth of relevant sector and safeguard national security and development interests,” said ministry spokesperson Wang Wenbin.

“The enforcement actions seem very arbitrary now,” Lester Ross, a foreign lawyer in China, told CNBC. “To have multiple companies involved now in this crackdown and the restriction of financial data to foreigners, it appears that Chinese security departments are on to something larger.”

“A major question about Chinese law generally is the need for greater precision in delineating what’s permissible and what’s not: so much of what is now regarded as national security or state secrets is not sufficiently defined or classified,” Ross added.

The accusations against Capvision included claims the consultancy was among those used by foreign institutions with “complex backgrounds” as a pretext to steal state secrets and intelligence in key sectors while evading the law. Chinese authorities alleged that Capvision accepted more than 2,000 remittances from hundreds of overseas companies totaling $70 million between 2017 and 2020, according to a CNBC translation.

State-owned CCTV claimed that Capvision tapped on a vast “network of experts” of about 300,000 people in areas ranging from domestic policy research, national defense and military technology to banking, finance and medicine.

The CCTV program also claimed to feature one of Capvision’s experts who was convicted of disclosing information relating to the number of unnamed military aircraft on the inventory of a particular institution or company, according to a CNBC translation.

In a sign that last week’s state media report has triggered plenty of reassessment in the business community, the state-owned Securities Times reported last Thursday that Chinese regulators have instructed mainland Chinese brokerages securities firms to strengthen compliance over sensitive information, expert invitation and interviews.

The American and European chambers of commerce in China also expressed concern.

The recent investigations “risk heightening uncertainty at a time when European companies are looking for clear signs that China’s business environment is becoming more reliable and predictable,” the European Chamber of Commerce in China said in a statement. “The European Chamber respects the rule of law and expects it to be followed in these cases.”

Last Wednesday, Capvision pledged to “actively address” demands by Chinese authorities about the company’s negligence of its national security responsibilities, having formed a three-person internal “compliance committee” chaired by its chief executive Xu Rujie.

“We are deeply aware we have failed to fully comply with national security responsibilities in our past business activities and there are major hidden dangers and loopholes that have led to serious danger to the country’s national security,” the Shanghai-based company said in a statement, according to a CNBC translation.

Without more details on what is permissible could make it more difficult for prospective investors to do their due diligence before committing to deals, particularly given the nature of doing business in China.

“In a state-driven economy like China’s, a lot of local Chinese companies would have dealings with the government at various levels,” said Chong from NUS. “So some commercial data would inevitably have political and national security implications.”

“I am not sure if the Chinese government is interested in being more precise about what it means,” the professor added. “After all, ambiguity and lack of clarity is a tool commonly used by authoritarian governments to retain and enhance its control.”

More than three weeks ago, a popular Twitter account named “Anonymous” declared that the shadowy activist group was waging a “cyber war” against Russia.

Since then, the account — which has more than 7.9 million followers, with some 500,000 gained since Russia’s invasion of Ukraine — has claimed responsibility for disabling prominent Russian government, news and corporate websites and leaking data from entities such as Roskomnadzor, the federal agency responsible for censoring Russian media.

But is any of that true?

It appears it is, says Jeremiah Fowler, a co-founder of the cybersecurity company Security Discovery, who worked with researchers at the web company Website Planet to attempt to verify the group’s claims.

“Anonymous has proven to be a very capable group that has penetrated some high value targets, records and databases in the Russian Federation,” he wrote in a report summarizing the findings.  

Of 100 Russian databases that were analyzed, 92 had been compromised, said Fowler.

They belonged to retailers, Russian internet providers and intergovernmental websites, including the Commonwealth of Independent States, or CIS, an organization made up of Russia and other former Soviet nations that was created in 1991 following the fall of the Soviet Union.

Many CIS files were erased, hundreds of folders were renamed to “putin_stop_this_war” and email addresses and administrative credentials were exposed, said Fowler, who likened it to 2020’s malicious “MeowBot” attacks, which “had no purpose except for a malicious script that wiped out data and renamed all the files.”

Another hacked database contained more than 270,000 names and email addresses.

“We know for a fact that hackers found and probably accessed these systems,” said Fowler. “We do not know if data was downloaded or what the hackers plan to do with this information.”

Other databases contained security information, internal passwords and a “very large number” of secret keys, which unlock encrypted data, said Fowler.

As to whether this was the work of Anonymous, Fowler said he followed Anonymous’ claims “and the timeline matches perfect,” he said.

The Twitter account, named @YourAnonNews, has also claimed to have hacked into Russian state TV stations.

“I would mark that as true if I were a factchecker,” said Fowler. “My partner at Security Discovery, Bob Diachenko, actually captured a state news live feed from a website and filmed the screen, so we were able to validate that they had hacked at least one live feed [with] a pro-Ukrainian message in Russian.”

The account has also claimed to have disrupted websites of major Russian organizations and media agencies, such as the energy company Gazprom and state-sponsored news agency RT.

“Many of these agencies have admitted that they were attacked,” said Fowler.

He called denial of service attacks — which aim to disable websites by flooding them with traffic — “super easy.” Those websites, and many others, have been shuttered at various points in recent weeks, but they are also reportedly being targeted by other groups as well, including some 310,000 digital volunteers who have signed up for the “IT Army of Ukraine” Telegram account.   

Fowler said he didn’t find any instances where Anonymous had overstated its claims.

But that is happening with other hacktivist groups, said Lotem Finkelstein, head of threat intelligence and research at the cybersecurity company Check Point Software Technologies.

In recent weeks, a pro-Ukrainian group claimed it breached a Russian nuclear reactor, and a pro-Russian group said it shut down Anonymous’ website. Check Point concluded both claims were false.

“As there is no real official Anonymous website, this attack … appears to be more of a morale booster for the pro-Russian side, and a publicity event,” CPR said, a fact which did not go unnoticed by Anonymous affiliates, who mocked the claim on social media. 

Groups are making fake claims by posting old or publicly available information to gain popularity or glory, said Finkelstein.

Fowler said he feels Anonymous is, however, dedicated more to the “cause” than to notoriety.

“In what I saw in these databases, it was more about the messaging than saying ‘hey, you know, Anonymous troop No. 21, group five, did this,'” he said. “It was more about the end result.”

Hacktivists who conduct offensive cyber warfare-like activities without government authority are engaging in criminal acts, said Paul de Souza, the founder of the non-profit Cyber Security Forum Initiative.

Despite this, many social media users are cheering Anonymous’ efforts on, with many posts receiving thousands of likes and messages of support.

“They’re almost like a cyber Robin Hood, when it comes to causes that people really care about, that no one else can really do anything about,” said Fowler. “You want action now, you want justice now, and I think groups like Anonymous and hacktivists give people that immediate satisfaction.”

Many hacktivist groups have strong values, said Marianne Bailey, a cybersecurity partner at the consulting firm Guidehouse and former cybersecurity executive with the U.S. National Security Agency. Cyber activism is a low-cost way for them to influence governmental and corporate actions, she said.

“It is protesting in the 21st century,” said Bailey.  

Yet cheering them on can be dangerous in the “fog of war,” she said.

“A cyberattack has the potential for such an immediate impact, in most cases well before any accurate attribution can be determined,” she said. “A cyber strike back or even kinetic strike back could be directed to the wrong place. And what if that misattribution is intentional? What if someone makes the attack appear from a specific country when that’s not true?”

She said cyber warfare can be cheaper, easier, more effective and easier to deny than traditional military warfare, and that it will only increase with time.

“With more devices connected to this global digital ecosystem the opportunity for impact continues to expand,” she said. “It will undoubtedly be used more often in future conflicts.”