Microsoft has faced a sophisticated nation-state cyberattack by the notorious Russian state-sponsored actor known as Midnight Blizzard, also identified as Nobelium. Microsoft says the hackers were able to access the email accounts of some members of its senior leadership team late last year.
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.”
Microsoft Security Response Center says in a blog post filed late on Friday.
Microsoft clarifies that the attack did not exploit any vulnerabilities in Microsoft products or services. There is no evidence to suggest that the threat actor gained access to customer environments, production systems, source code, or AI systems. Customers will be promptly notified if any further action is required on their part.
This incident underscores the persistent risk posed by well-resourced nation-state threat actors like Midnight Blizzard. In response, Microsoft is accelerating its efforts to recalibrate the balance between security and business risk.
