Russian State-Sponsored Group, Midnight Blizzard, Infiltrates Microsoft Leadership Email Accounts


In a regulatory filing on Friday, Microsoft revealed that a Russian hacking group, identified as Midnight Blizzard, gained unauthorized access to email accounts of senior leaders within the company. The breach, detected by Microsoft’s security team on January 12, 2024, prompted an immediate activation of response measures to investigate, disrupt malicious activities, mitigate the attack, and prevent further access by the threat actor.

Midnight Blizzard, previously known for the SolarWinds breach in 2020, targeted a limited number of Microsoft corporate email accounts, including those of senior leadership, as well as employees in the cybersecurity and legal departments. The intrusion resulted in the exfiltration of some emails and attached documents. Microsoft, however, emphasized that the attackers seemed to be specifically interested in information related to Midnight Blizzard itself, similar to their tactics during the SolarWinds breach.

The company confirmed that the compromise, initiated through a “password spray attack” in late November 2023, is currently under investigation. Microsoft is in the process of notifying affected employees and said there is no evidence that the hackers gained access to customer environments or AI systems.

Microsoft pledged ongoing collaboration with law enforcement and regulatory bodies, vowing to share additional information as the investigation progresses. The incident underscores the persistent threat that well-resourced nation-state actors like Midnight Blizzard pose to organizations, and the need for heightened cybersecurity measures.

Microsoft’s systems have recently been targeted in various high-profile hacking attempts. The Cybersecurity and Infrastructure Security Agency has not yet responded to requests for comment, and Microsoft has declined further comment. The FBI acknowledged the incident, stating that it is actively working with federal partners to provide assistance and urging any cyber incident victims to contact their local FBI field office.