In a significant cybersecurity incident, Microsoft revealed that a Russian hacking group gained unauthorized access to email accounts of some senior leaders. The intrusion, by a group identified as Midnight Blizzard or Nobelium, was detected on January 12, 2024. Microsoft’s security team responded to the nation-state-sponsored hacking. Midnight Blizzard, previously responsible for the SolarWinds breach in 2020, targeted a small percentage of Microsoft corporate email accounts. These included those of senior leadership, cybersecurity, and legal departments. News of the hack came in a required 8-K filing with the SEC.
“No Evidence”
The hackers, employing a password spray attack, gained initial access in late November 2023. Some emails and documents were exfiltrated, and Microsoft notes the focus was on information related to Midnight Blizzard. Fortunately, there is no evidence of access to customer environments or AI systems. The ongoing investigation involves collaboration with law enforcement, and affected employees are being notified. In a blog post on the hack, Microsoft noted, “The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.”
This incident underscores the persistent risk posed by well-resourced nation-state hackers like Midnight Blizzard. Microsoft commits to sharing more information as the investigation progresses. The FBI is actively addressing the incident, urging all cyber incident victims to contact their local FBI field office. In a statement to CNN, the FBI said, “The FBI is aware of the incident and we are diligently working with our federal partners to provide assistance. As always, we encourage any victim of a cyber incident to contact their local FBI field office.”