Tech giant Microsoft has now become the latest name to become entangled in a cyber onslaught orchestrated by Russia-linked hacking group, Midnight Blizzard. The incident was discovered on January 12, 2024, according to a statement by Microsoft, and occurred largely in November of last year.
The cyber intrusion, orchestrated by Midnight Blizzard, involved a meticulous “password spray” attack. Characterized as a sophisticated “brute force attack,” this technique systematically attempts multiple passwords on specific user accounts to gain unauthorized access. The attack in question went on to span several weeks, and Midnight Blizzard specifically targeted a “small number” of email accounts, including those of senior leadership figures within Microsoft, particularly individuals in cybersecurity and legal roles. As of now, Microsoft revealed that it is working to fix the older systems.
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed. The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the company noted in an official statement on the matter.
Midnight Blizzard, also recognized as Nobelium or APT29, boasts a notorious history intricately tied to high-profile cyber-espionage activities, and is believed to be run by Russia’s Foreign Intelligence Service (SVR). The group’s involvement in the SolarWinds cyberattack of 2020, a campaign targeting US federal agencies, firmly established it as a sophisticated and state-sponsored threat actor. Upon detecting the breach, Microsoft promptly initiated a comprehensive response plan.
Collaborating with law enforcement agencies, the company said it took decisive action to mitigate potential impacts. While the cyberattack resulted in the exfiltration of emails and attached documents, Microsoft reassures stakeholders that critical customer data, production systems, source code, and AI systems remain secure. The aftermath of the cyberattack sees Microsoft immersed in an ongoing investigation.