Original Article Text


Russian hackers stole Microsoft corporate emails in month-long breach

Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard.

The company detected the attack on January 12th, with Microsoft initiating its response to investigate, disrupt, and mitigate the breach. Their investigation has determined that they were breached by the threat actor known as Midnight Blizzard, aka Nobelium or APT29.

Microsoft says that the threat actors breached their systems in November 2023 when they conducted a password spray attack to gain access to a legacy non-production test tenant account. Using this account's permissions, Nobelium was able to access a small percentage of Microsoft's corporate email accounts for over a month, including members of the leadership team and those in the cybersecurity and legal departments. This access allowed the attackers to steal emails and attachments from the corporate accounts.

"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," the Microsoft Security Response Center shared in a report on the incident. "We are in the process of notifying employees whose email was accessed."

Microsoft reiterates that this breach was not caused by a vulnerability in their products and services but rather by a brute force password attack on their accounts. While Microsoft is still investigating the breach, they said they will share additional details as appropriate.

Who is Nobelium

Nobelium is a Russian state-sponsored actor believed to be behind the 2020 SolarWinds supply chain attack, which also impacted Microsoft. Microsoft later confirmed that the SolarWinds attack allowed the hackers to steal source code for a limited number of Azure, Intune, and Exchange components.

In June 2021, the hacking group breached a Microsoft corporate account again, allowing them to access customer support tools. The hacking group is believed to be part of Russia's Foreign Intelligence Service (SVR) and has been linked to numerous attacks worldwide, including attacks on diplomats and government agencies.
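The initial access described above was a password spray: a few guesses against many accounts rather than many guesses against one, which per-account lockout thresholds do not catch. The following is an added illustration, not code from the article or from Microsoft's report, of the detection logic a defender would run over sign-in logs; the log format, account names and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in log lines (not from the incident): timestamp, result, user, source IP.
SAMPLE_LOG = """\
2023-11-20T02:00:01Z FAIL user=alice@legacy-test.example src=203.0.113.5
2023-11-20T02:00:03Z FAIL user=bob@legacy-test.example src=203.0.113.5
2023-11-20T02:00:05Z FAIL user=carol@legacy-test.example src=203.0.113.5
2023-11-20T02:00:07Z FAIL user=dave@legacy-test.example src=203.0.113.5
2023-11-20T02:00:09Z FAIL user=erin@legacy-test.example src=203.0.113.5
2023-11-20T02:00:11Z OK   user=frank@legacy-test.example src=203.0.113.5
2023-11-20T02:00:20Z FAIL user=alice@legacy-test.example src=198.51.100.7
2023-11-20T02:00:25Z FAIL user=alice@legacy-test.example src=198.51.100.7
2023-11-20T02:00:30Z OK   user=alice@legacy-test.example src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+)\s+(OK|FAIL)\s+user=(\S+)\s+src=(\S+)$")

def parse(log_text):
    """Parse the constructed log format into (timestamp, result, user, src) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources whose failures span many distinct accounts within one window.

    Returns {src: {"accounts": n, "successes": [users that later authenticated]}}.
    A single account failing repeatedly (classic brute force) is not flagged here.
    """
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[3]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[1] == "FAIL"]
        for i, start in enumerate(fails):
            in_window = [e for e in fails[i:] if e[0] - start[0] <= window]
            accounts = {e[2] for e in in_window}
            if len(accounts) >= min_accounts:
                successes = sorted({e[2] for e in evs if e[1] == "OK"})
                findings[src] = {"accounts": len(accounts), "successes": successes}
                break
    return findings
```

A source that is flagged and also has a success (here the constructed `frank` account) is the case that matters most: it is the sprayed account that got in, and it is where MFA or a disabled legacy tenant would have stopped the chain.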

Daily Brief Summary

DATA BREACH // Russian Hackers Compromise Microsoft Corporate Emails in Data Breach

Russian state-sponsored hackers, known as Midnight Blizzard, breached Microsoft corporate email accounts.

Microsoft's security team detected the issue on January 12th and commenced investigative and mitigation activities.

The hackers gained access via a password spray attack, compromising a legacy non-production test tenant account.

Compromised accounts include those of leadership, cybersecurity, and legal department personnel, and emails and attachments were stolen from them.

The target of the attack seems to be information concerning the Midnight Blizzard group itself.

Microsoft is notifying affected employees and assures that the breach was due to an account attack, not a product vulnerability.

Nobelium, the group behind the attack, is notorious for the 2020 SolarWinds attack and has a history of high-profile breaches, including another Microsoft corporate account breach in 2021.