In a recent revelation, software giant Microsoft disclosed that a state-sponsored Russian hacking group, Midnight Blizzard, gained unauthorized access to email accounts belonging to some of its senior leaders. The security breach was detected on January 12, 2024, prompting an immediate response from Microsoft’s security team.
Midnight Blizzard is a notorious Russian state-sponsored actor responsible for the infamous SolarWinds breach in 2020. In this latest incident, the hackers managed to infiltrate “a very small percentage” of Microsoft’s corporate email accounts. The compromised accounts included those of senior leadership members and employees working in the company’s cybersecurity and legal departments.
Although some emails and attached documents were exfiltrated during the breach, initial investigations suggest that the attackers were primarily interested in information related to Midnight Blizzard itself. This mirrors their previous tactics when they used tampered software from SolarWinds to infiltrate US government agencies and monitor the response to their intrusions.
The breach, which began in late November 2023, was initiated through a “password spray attack.” Password spraying involves attempting to access numerous accounts using commonly known passwords. Microsoft is actively working on the investigation and is collaborating with law enforcement agencies and regulatory bodies.
As a response to the breach, Microsoft is in the process of notifying the affected employees whose email accounts were accessed. Fortunately, there is currently no evidence to suggest that the hackers gained access to customer environments or Microsoft’s AI systems.
This incident serves as a stark reminder of the ongoing risks posed by well-resourced nation-state threat actors like Midnight Blizzard. Microsoft has been the target of several high-profile hacking attempts in recent times, underscoring the constant need for heightened cybersecurity measures.
While the Cybersecurity and Infrastructure Security Agency (CISA) has not yet commented on the breach, the FBI has acknowledged the incident and is actively working with federal partners to provide assistance. The FBI encourages any victim of a cyber incident to contact their local FBI field office.
Microsoft has pledged to share more information publicly as the investigation progresses, shedding further light on the extent and implications of this breach.