In a recent blog post, Microsoft revealed that its corporate systems were compromised by a Russian state-sponsored hacking group known as Midnight Blizzard. The cyberattack began in late November and was only discovered on January 12. The same highly skilled Russian team behind the SolarWinds breach was identified as the responsible party.
The hacking group accessed a limited number of Microsoft corporate accounts, including those belonging to members of the leadership team, as well as employees in cybersecurity and legal departments. Microsoft reported that only a “very small percentage” of accounts were affected, and some emails and attached documents were stolen.
Microsoft’s threat research team attributed the breach to a “password spray attack” initiated in November 2023. This technique involves using a compromised password across multiple related accounts to infiltrate a company’s systems. The company clarified that the attack was not due to any specific vulnerability in its products or services.
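As an added illustration that is not part of the original article, this is the defender-side view of the password spray it describes: a detector run over constructed sign-in events that flags a source failing against many distinct accounts with only a few attempts each, and lists any accounts that source then signed into successfully. The log format, field names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not taken from the article); one attempt per line:
# "<iso-timestamp> <account> <FAIL|SUCCESS> <source-ip>".
SAMPLE_SIGNINS = """\
2023-11-20T02:00:05 alice FAIL 203.0.113.10
2023-11-20T02:00:09 bob FAIL 203.0.113.10
2023-11-20T02:00:14 carol FAIL 203.0.113.10
2023-11-20T02:00:20 dave FAIL 203.0.113.10
2023-11-20T02:00:26 erin FAIL 203.0.113.10
2023-11-20T02:00:31 frank SUCCESS 203.0.113.10
2023-11-20T02:01:00 alice FAIL 198.51.100.7
2023-11-20T02:01:30 alice FAIL 198.51.100.7
2023-11-20T02:02:00 alice FAIL 198.51.100.7
2023-11-20T02:02:30 alice SUCCESS 198.51.100.7
2023-11-20T03:30:00 bob SUCCESS 192.0.2.44
"""

def parse_signins(text):
    events = []
    for line in text.splitlines():
        ts, account, result, ip = line.split()
        events.append((datetime.fromisoformat(ts), account, result, ip))
    return sorted(events)

def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    # A spray looks like one source failing against many distinct accounts with
    # only a few attempts each; a brute force is many attempts on one account.
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        fails = [(ts, acct) for ts, acct, res, _ in evs if res == "FAIL"]
        for i, (start, _) in enumerate(fails):
            per_account = defaultdict(int)
            for ts, acct in fails[i:]:
                if ts - start > window:
                    break
                per_account[acct] += 1
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                # Successful sign-ins from the spraying source after the window
                # opened are the accounts to investigate first.
                hits = sorted({a for ts, a, res, _ in evs if res == "SUCCESS" and ts >= start})
                flagged[ip] = {"sprayed": sorted(per_account), "succeeded": hits}
                break
    return flagged
```

Calling `detect_password_spray(parse_signins(SAMPLE_SIGNINS))` flags only 203.0.113.10 (five accounts, one failure each, then a success on `frank`); the repeated failures on a single account from 198.51.100.7 are left to a separate brute-force rule.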
The investigation indicated that the Russian hackers were initially targeting Microsoft to gain insight into what the company knew about their operations. Microsoft emphasized that there is no evidence the threat actors had access to customer environments, production systems, source code, or AI systems.
The Russian hacking group Midnight Blizzard, also known as APT29, Nobelium, or Cozy Bear, is linked to Russia’s SVR spy agency. This group gained notoriety for its intrusions into the Democratic National Committee during the 2016 US elections. Microsoft highlighted the risk posed by such well-resourced nation-state threat actors.
Despite the breach, Microsoft clarified that there is no evidence suggesting access to customer environments, production systems, source code, or AI systems. The company’s products are widely used across the US government, and this incident follows previous security concerns, such as Chinese hackers stealing emails from senior US State Department officials.
Midnight Blizzard, previously known as Nobelium, gained attention during the SolarWinds hacking campaign, described by Microsoft as “the most sophisticated nation-state attack in history.” The campaign affected several US government agencies, private companies, and think tanks.
The Russian embassy in Washington and the ministry of foreign affairs have not responded to requests for comments on the recent cyberattack. Microsoft urged organizations to remain vigilant against similar threats from well-resourced nation-state actors like Midnight Blizzard.