Microsoft has announced that a Russian state-sponsored group successfully infiltrated its corporate systems on January 12, making off with a trove of emails and documents from staff accounts.
According to Microsoft, the sophisticated Russian group managed to gain access to “a very small percentage” of its corporate email accounts, including those of senior leadership team members and employees in crucial departments such as cybersecurity and legal. The company’s threat research team, tasked with investigating nation-state hackers, pointed fingers at the notorious “Midnight Blizzard” from Russia as the responsible entity.

The breach began with a “password spray attack” in November 2023 and was carefully executed to compromise Microsoft’s corporate environment. In this technique, the attacker tries the same password against many accounts at once rather than many passwords against one account, which lets the attempts blend in with ordinary failed sign-ins and avoids triggering per-account lockouts.
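The defining signature of a password spray is the inverse of a classic brute-force attempt: one source fails against many distinct accounts in a short window instead of hammering one account repeatedly. The following is an added illustration of that detection logic, not code from Microsoft or from the article. The log format, the source addresses, the account names and the thresholds (a 10-minute window and five distinct failing accounts) are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real telemetry):
# timestamp, source IP, account, result
SAMPLE_LOG = """\
2023-11-02T08:00:01Z 203.0.113.7 alice@example.test FAILURE
2023-11-02T08:00:03Z 203.0.113.7 bob@example.test FAILURE
2023-11-02T08:00:05Z 203.0.113.7 carol@example.test FAILURE
2023-11-02T08:00:07Z 203.0.113.7 dave@example.test FAILURE
2023-11-02T08:00:09Z 203.0.113.7 erin@example.test FAILURE
2023-11-02T08:00:11Z 203.0.113.7 frank@example.test SUCCESS
2023-11-02T08:01:00Z 198.51.100.4 alice@example.test FAILURE
2023-11-02T08:01:30Z 198.51.100.4 alice@example.test SUCCESS
2023-11-02T09:30:00Z 203.0.113.7 grace@example.test FAILURE
"""


def parse_log(text):
    """Parse the constructed whitespace-separated format into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result))
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag source IPs whose failed sign-ins touch >= min_accounts distinct
    accounts inside any sliding window of length `window`.

    Returns {source_ip: {"failed_accounts": [...], "successful_accounts": [...]}}.
    Successes from a flagged IP are reported because a spray that eventually
    lands is the event a responder most needs to act on.
    """
    by_ip = defaultdict(list)
    for ts, ip, account, result in events:
        by_ip[ip].append((ts, account, result))

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        failures = [(ts, acct) for ts, acct, res in evs if res == "FAILURE"]
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward until it fits within `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            accounts = {acct for _, acct in failures[start:end + 1]}
            if len(accounts) >= min_accounts:
                hits = sorted(acct for _, acct, res in evs if res == "SUCCESS")
                alerts[ip] = {
                    "failed_accounts": sorted(accounts),
                    "successful_accounts": hits,
                }
                break  # one alert per source is enough for this illustration
    return alerts


if __name__ == "__main__":
    for ip, info in detect_password_spray(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

In the sample data, 203.0.113.7 fails against five different accounts within seconds and then succeeds against a sixth, so it is flagged; 198.51.100.4 fails and then succeeds against a single account, which is the brute-force or mistyped-password pattern and is deliberately not treated as a spray by this rule. In a real environment the same logic would run over identity-provider sign-in logs, and the thresholds would be tuned to the tenant's normal failure rate.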
Both the Russian Embassy in Washington and the Ministry of Foreign Affairs have not responded to requests for comments on the matter.
Microsoft asserted that its investigation into the breach revealed the hackers’ primary objective was to discern what the technology giant knew about their operations. The company successfully disrupted the malicious activity and blocked the group’s access to its systems.

“This attack highlights the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” Microsoft cautioned. Importantly, the company stressed that the breach did not exploit any specific vulnerability in its products or services.
Reassuring its user base, Microsoft stated, “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” as per a company blog.
The disclosure by Microsoft follows a recent regulatory requirement by the U.S. Securities and Exchange Commission (SEC), mandating public companies to promptly disclose cyber incidents. Companies affected by cyberattacks must submit a report detailing the breach’s time, scope, and nature within four business days of discovery.
The alleged perpetrator, Midnight Blizzard, also known as APT29, Nobelium, or Cozy Bear, has been linked to Russia’s SVR spy agency, according to U.S. officials. The group gained notoriety for infiltrating the Democratic National Committee during the 2016 U.S. election.
Widespread usage of Microsoft products across the U.S. government has raised concerns about cybersecurity. The company faced criticism last year when Chinese hackers successfully stole emails belonging to senior U.S. State Department officials, prompting a reevaluation of Microsoft’s security practices.