Russian nation-state hackers compromised Microsoft’s corporate systems and gained access to the email accounts of the company’s employees, including senior staff, and “exfiltrated some emails and attached documents.”
The intrusion, which Microsoft has attributed to a Russian government-backed group it tracks as Midnight Blizzard (aka APT29, Cozy Bear and Nobelium), took place in November 2023 and was discovered on January 12, 2024. Nobelium, notably, is the same threat actor believed to be responsible for the infamous SolarWinds breach back in 2020.
As per Microsoft, the attackers compromised a legacy non-production test tenant account using a password spray attack. After gaining a foothold, the threat actor used the account’s permissions to access “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.”
The tech giant said that Midnight Blizzard’s initial goal was to obtain information related to the group itself
“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the company noted.
