Microsoft Confirms Russian-Linked Hack on Employee Emails
Microsoft Corp., under the leadership of Satya Nadella, has disclosed a cyber attack by a Russian-linked group named Midnight Blizzard. The intrusion affected a "small number" of email accounts, including those of senior leadership, cybersecurity, and legal employees.
The company is swiftly addressing the breach, especially on older systems, and the work may cause some disruption. Microsoft clarified that the hacking group did not access customer systems or servers running outward-facing products. There is no evidence of compromise to source code or artificial intelligence systems.
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” says the Microsoft Security Response Center in a blog post filed late on Friday.
Midnight Blizzard, also known as Nobelium, is a sophisticated nation-state hacking group associated with Russia. It was previously implicated in the SolarWinds cyber-espionage effort against US federal agencies.
The intrusion began in November with a "password spray" attack, a brute force technique involving rapid attempts of multiple passwords on specific usernames to breach targeted corporate accounts. In addition to accessing accounts, the attackers obtained emails and attached documents. Microsoft detected the hack on Jan. 12 and is in the process of notifying affected employees.
The US Cybersecurity and Infrastructure Security Agency is closely collaborating with Microsoft to understand the incident's impacts and protect potential victims. Microsoft, a frequent target of major hacking campaigns, previously faced a 2023 intrusion attributed to China-linked hackers.
In an interview following a 2023 breach, Jen Easterly, director of the US Cyber Safety Review Board, urged Microsoft to prioritize security over new features, emphasizing the importance of being "secure by default and secure by design."
Microsoft announced an overhaul of its security measures in November after a series of high-profile hacks. The recent incident underscores the need for accelerated changes, particularly for older systems and products.