Russian data breach of Microsoft continues

Update: 

• Microsoft says it is still trying to remove Russian state-sponsored hackers from email accounts belonging to some of the company’s senior executives, The Associated press reports. 
• The company states the hackers, who are from Russia’s foreign intelligence service, stole secrets from email communications between itself and unspecified customers. 
• The hackers initially breached corporate email accounts belonging to certain Microsoft senior leadership, cybersecurity and legal team members in November. 
• Microsoft first announced the incident in January, saying at that time it had mitigated a cyberattack from the hacking group Midnight Blizzard, also known as Nobelium. 
• The company attributed the incident to a password spray attack it says compromised “a legacy non-production test tenant account and gained a foothold.” 

Microsoft data breach overview: 

• Who: Microsoft announced it detected and mitigated a cyberattack from Russian state-sponsored hacker Midnight Blizzard, otherwise known as Nobelium.
• Why: In November, the group obtained access to some Microsoft corporate email accounts, including Microsoft senior leadership and cybersecurity and legal team members.
• Where: The Microsoft data breach compromised U.S.-based servers and employees.

(Jan 23, 2024)

On Jan. 12, Microsoft identified a cyberattack from a Russian state-sponsored group that gained access to the email accounts of some Microsoft employees, including senior leadership, cybersecurity and legal team members.

The group, named Midnight Blizzard, accessed the accounts following a password spray attack in November 2023 that compromised “a legacy non-production test tenant account and gained a foothold,” Microsoft says in a blog post.

Midnight Blizzard accessed the account’s permissions to some of Microsoft’s corporate email accounts. It then exfiltrated emails and obtained their attached documents, Microsoft says.

The company says it is in the process of notifying Microsoft employees who were part of the Microsoft data breach.

“The attack was not the result of a vulnerability in Microsoft products or services,” the Microsoft blog post states. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code or AI systems. We will notify customers if any action is required.”

Microsoft makes attack public due to transparency commitment

Microsoft says it made the Midnight Blizzard attack public because it committed to transparency in its Secure Future Initiative.

“Given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk — the traditional sort of calculus is simply no longer sufficient,” the company says in the blog post. “For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.”  

The internal investigation into the Microsoft data breach indicates Midnight Blizzard, also known as Nobelium, initially accessed the Microsoft employees’ emails to search for information on itself, Microsoft says. It adds the cyberattack shows the continued risk of well-funded hackers such as Midnight Blizzard.

In October 2022, Microsoft publicly disclosed a misconfigured internet-accessible Microsoft server exposed sensitive customer information. 

Has your information ever been compromised in a cyberattack? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• Fidelity data breach affects 28,000+ customers
• American Express data breach exposes customer names, card numbers, more
• Consumers file class actions over American Vision Partners data breach
• Golden Corral class actions allege company failed to safeguard employees’ data