Microsoft says that Russian government-backed hackers known as Midnight Blizzard broke into its systems and caused a breach. The company warns that all organisations are now at risk from well-resourced nation-state threat actors.
The company said this in a recent filing with the U.S. Securities and Exchange Commission.
Microsoft said the hackers got into corporate email accounts and read the messages of people on its top leadership team and in its legal, cybersecurity, and other departments. It said the hackers were able to take some emails and attached documents out of its systems.
Microsoft claimed that the hackers who accessed its system from late November 2023 to January 12, 2024, wanted their data.
The filing
According to the SEC filing, Microsoft’s security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
Microsoft has identified Midnight Blizzard, the Russian state-sponsored actor known as Nobelium, as the threat actor. As part of our Secure Future Initiative (SFI), we are publishing this update to confirm our commitment to responsible disclosure.
In late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain access to a tiny percentage of Microsoft corporate email accounts, including those of our senior leadership team and cybersecurity, legal, and other employees, and exfiltrated some emails and attached documents.
Microsoft said its investigation shows the attackers initially targeted email accounts for Midnight Blizzard information.
According to the company, employees whose emails were accessed are being notified.
Customers not affected
The company said the attack was not caused by a product or service vulnerability because customers were unaffected. Microsoft has no evidence that the threat actor accessed client environments, production systems, source code, or AI systems. Microsoft said it would alert customers of any action needed.
“Well-resourced nation-state threat actors like Midnight Blizzard continue to threaten all organisations.
At Secure Future Initiative (SFI), we announced late last year that threat actors funded by nation-states are changing the balance between security and business risk. The traditional calculus is no longer sufficient.”
Microsoft found it necessary to move quickly after this occurrence. “We will instantly apply our current security requirements to Microsoft-owned older systems and internal business processes, even if they interrupt them,” the company said.
Microsoft acknowledged that this will likely cause some disruption as it adjusts to this new reality, but it is a necessary move and the first of many to adopt this attitude.