Microsoft has revealed that its senior leadership team's email accounts were breached by hackers supported by the Russian government. The breach allowed the hackers, known as Midnight Blizzard or Nobelium, to access and read some email messages and attached documents.
A Nation-State Attack Detected
On January 12, Microsoft detected a nation-state attack on its corporate systems and swiftly activated its response process. The aim was to investigate, disrupt malicious activity, mitigate the attack, and prevent the threat actors from gaining further access.
Midnight Blizzard Strikes Again
This is not the first time that Microsoft has encountered cyber threats from Midnight Blizzard. In August, the company disclosed an attack that targeted small businesses via Microsoft Teams chats.
Password Spray Attack
Starting in late November, Midnight Blizzard used a password spray attack, a technique that tries common passwords across multiple accounts. The hackers compromised a non-production test account this way and leveraged its permissions to gain access to a limited number of Microsoft corporate email accounts. The compromised accounts included those belonging to members of the senior leadership team and employees in critical departments such as cybersecurity and legal.
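A defender's view of the password spray pattern described above, as an added example that is not part of the original article or any Microsoft tooling: it scans constructed sign-in records for one source failing against many accounts with few attempts each, and reports any account that source later signed in to. The log format, function names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: timestamp, source IP, account, result.
# IPs are from documentation ranges; account names are made up.
SAMPLE_LOG = """\
2024-01-01T10:00:05 203.0.113.7 alice FAIL
2024-01-01T10:04:11 203.0.113.7 bob FAIL
2024-01-01T10:09:42 203.0.113.7 carol FAIL
2024-01-01T10:15:30 203.0.113.7 test-app FAIL
2024-01-01T10:21:03 203.0.113.7 dave FAIL
2024-01-01T10:22:10 198.51.100.4 erin FAIL
2024-01-01T10:22:40 198.51.100.4 erin FAIL
2024-01-01T10:23:05 198.51.100.4 erin OK
2024-01-01T11:40:00 203.0.113.7 test-app OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spray(log, min_accounts=4, max_per_account=2, window=timedelta(hours=1)):
    """Flag sources failing against many accounts, few tries each (assumed thresholds)."""
    events = sorted(parse(log))
    fails = defaultdict(list)  # source IP -> [(timestamp, account)]
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    findings = {}
    for ip, items in fails.items():
        for start, _ in items:
            per_user = defaultdict(int)  # failures per account inside this window
            for t, u in items:
                if start <= t < start + window:
                    per_user[u] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                # A later success from the same source marks a likely compromised account.
                later_ok = sorted({u for t, i, u, r in events
                                   if i == ip and r == "OK" and t >= start})
                findings[ip] = {"accounts": sorted(per_user), "compromised": later_ok}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

A single user mistyping a password (the `erin` records) stays below the account threshold, while the source that touches five accounts once each is flagged together with the test account it eventually signed in to.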
Microsoft has taken immediate steps to address the breach and enhance its cybersecurity measures.
Microsoft Investigates the Midnight Blizzard Attack
Microsoft has conducted an investigation into the Midnight Blizzard attack. The company clarified that the attack did not exploit any vulnerabilities in its products or services.
According to Microsoft's findings, the attackers were primarily seeking information directly linked to Midnight Blizzard. Fortunately, there is currently no evidence to suggest that these threat actors gained access to customer environments, production systems, source code, or AI systems.
In response to this breach, Microsoft is strengthening its security while managing business risk. The company recognizes the resources and funding that certain hacking groups possess and aims to strike a balance between the two. In practice, this means immediately applying security standards to its legacy systems and internal business processes. Although these changes may disrupt existing processes, they are necessary to adapt to the evolving threat landscape.
As the investigation continues, Microsoft commits to taking further actions based on its outcomes. Collaboration with law enforcement agencies and relevant regulators will remain a priority throughout this process.