Update:
- Microsoft says it is still trying to remove Russian state-sponsored hackers from email accounts belonging to some of the company’s senior executives, The Associated press reports.
- The company states the hackers, who are from Russia’s foreign intelligence service, stole secrets from email communications between itself and unspecified customers.
- The hackers initially breached corporate email accounts belonging to certain Microsoft senior leadership, cybersecurity and legal team members in November.
- Microsoft first announced the incident in January, saying at that time it had mitigated a cyberattack from the hacking group Midnight Blizzard, also known as Nobelium.
- The company attributed the incident to a password spray attack it says compromised “a legacy non-production test tenant account and gained a foothold.”
Microsoft data breach overview:
- Who: Microsoft announced it detected and mitigated a cyberattack from Russian state-sponsored hacker Midnight Blizzard, otherwise known as Nobelium.
- Why: In November, the group obtained access to some Microsoft corporate email accounts, including Microsoft senior leadership and cybersecurity and legal team members.
- Where: The Microsoft data breach compromised U.S.-based servers and employees.
(Jan 23, 2024)
On Jan. 12, Microsoft identified a cyberattack from a Russian state-sponsored group that gained access to the email accounts of some Microsoft employees, including senior leadership, cybersecurity and legal team members.
The group, named Midnight Blizzard, accessed the accounts following a password spray attack in November 2023 that compromised “a legacy non-production test tenant account and gained a foothold,” Microsoft says in a blog post.
Midnight Blizzard accessed the account’s permissions to some of Microsoft’s corporate email accounts. It then exfiltrated emails and obtained their attached documents, Microsoft says.
The company says it is in the process of notifying Microsoft employees who were part of the Microsoft data breach.
“The attack was not the result of a vulnerability in Microsoft products or services,” the Microsoft blog post states. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code or AI systems. We will notify customers if any action is required.”
Microsoft makes attack public due to transparency commitment
Microsoft says it made the Midnight Blizzard attack public because it committed to transparency in its Secure Future Initiative.
“Given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk — the traditional sort of calculus is simply no longer sufficient,” the company says in the blog post. “For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.”
The internal investigation into the Microsoft data breach indicates Midnight Blizzard, also known as Nobelium, initially accessed the Microsoft employees’ emails to search for information on itself, Microsoft says. It adds the cyberattack shows the continued risk of well-funded hackers such as Midnight Blizzard.
In October 2022, Microsoft publicly disclosed a misconfigured internet-accessible Microsoft server exposed sensitive customer information.
Has your information ever been compromised in a cyberattack? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
40 thoughts onRussian data breach of Microsoft continues
Please add me as a user of Microsoft 365 and outlook. I’ve lost a Microsoft surface to a takeover, reported to Microsoft-no reply and wonder if my information is compromised on 365.
Please add me as a user of Microsoft 365 and outlook. I’ve lost a Microsoft surface to a takeover, reported to Microsoft-no reply and wonder if my information is compromised on 365.
Add me
I just got hit with virus from while using Microsoft which lock up of my PC, now I wonder how safe to use Microsoft.
Please add me
Please add me I am an avid PC tech who has been fighting the breach since Dec 2022, Although this was so much of a pain because it was connected to the AZURE one that happend, As no matter what i did to any of my pcs in the house rebuild new anything they would be compromised within an hour. This was dues the a Hacker adding things in Azure under your email and and adding to you a Active directory keeping you pinged like a company server i fought with them to fix it once last year and the account is still compromised.
Please add ME to this i have spent thousands of dollars on Phones computers routers and more.
Please add me!!
I have been dealing with this since end of January n same situation 3 cell phones 2 desktops and fried 2 laptops. No help from Microsoft in numerous calls n chats n even had a tech being extremely rude stating there is nothing (applications) found downloaded. No help from Microsoft ATT google, Apple, home internet. And 2 ITs. They look at surface in task manager n reset n download antivirus n it doesn’t work. It’s just getting worse. I need to be added to.
Please Add Me.
Please add me.