Microsoft Senior Executives’ Emails Breached by Midnight Blizzard
Microsoft announced recently that it suffered a nation-state attack on its corporate systems that resulted in access to the emails, and their contents, of senior executives and other individuals in the cybersecurity and legal departments. Microsoft identified the attacker as Midnight Blizzard, a Russian state-sponsored actor also known as Nobelium.
Microsoft immediately activated a response to investigate, disrupt and mitigate the malicious activities. The attack began in November 2023 when the threat actor used a password spray attack to compromise a legacy non-production test tenant account, gaining a foothold.
The attacker used the account’s permissions to access only a limited number of Microsoft corporate email accounts, including those of members of the senior leadership, as well as employees in cybersecurity, legal, and other departments. During the attack, emails and attached documents were exfiltrated, but the investigation reveals that the targeted emails related to information about Midnight Blizzard itself.
Microsoft emphasizes that the attack was not due to any vulnerability in Microsoft products or services. There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.
Microsoft further claims that it will immediately apply current security standards to Microsoft-owned legacy systems and internal business processes, even where doing so disrupts existing business processes. The investigation will continue, and additional actions will be taken, so that the community can benefit from its outcomes and conclusions.