According to its own information, Microsoft was attacked by Midnight Blizzard on January 12, 2024. The Russian-sponsored actors apparently had access to email accounts of high-ranking employees. However, the attackers are said to have had no access to the customer environments.
On January 12, 2024, the Microsoft security team said it recognized an attack by a nation state on its corporate systems. A response process was then activated to disrupt the malicious activity, mitigate the attack, and deny further access to the threat actor. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.
Attacker: Russian actor Midnight Blizzard identified
Microsoft explains: Starting in late November 2023, the threat actor used a password spray attack to compromise an old test tenant's account and get a foot in the door. He then used the account's permissions to access a very small percentage of company email accounts, including executive team members and employees in cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.
The investigation suggests that they initially targeted email accounts that contained information about Midnight Blizzard itself. The attack was not the result of a vulnerability in Microsoft products or services. According to Microsoft, there is no evidence that the threat actor had access to customer environments, production systems, source code or AI systems.
Microsoft wants to strengthen security
For Microsoft, this incident underscored the urgent need to act even faster to apply current security standards to existing legacy systems and internal business processes, even if these changes could disrupt existing business processes. They want to continue to work with law enforcement authorities and the relevant regulatory authorities.
The last attack on Microsoft in 2023, where an Azure AD signing key was stolen was much more serious. At that time, the hack was carried out using vulnerabilities, stolen keys and an Azure AD signing key.
More at Microsoft.com
About Microsoft Germany Microsoft Deutschland GmbH was founded in 1983 as the German subsidiary of Microsoft Corporation (Redmond, USA). Microsoft is committed to empowering every person and company in the world to achieve more. This challenge can only be mastered together, which is why diversity and inclusion have been firmly anchored in the corporate culture from the very beginning. As the world's leading manufacturer of productive software solutions and modern services in the age of intelligent cloud and intelligent edge, as well as a developer of innovative hardware, Microsoft sees itself as a partner to its customers to help them benefit from the digital transformation. Security and data protection have top priority when developing solutions. As the world's largest contributor, Microsoft is driving open source technology through its leading developer platform GitHub. With LinkedIn, the largest career network, Microsoft promotes professional networking worldwide.