Software giant Microsoft has reported a breach of its systems by Russian government-backed hackers known as Midnight Blizzard, warning that all organizations now face risks from well-resourced nation-state threat actors.
The company disclosed this in a filing with the U.S. Securities and Exchange Commission on Friday.
Microsoft disclosed that the hackers gained access to some of its corporate email accounts, including those of members of its senior leadership team and employees in its cybersecurity, legal, and other functions. It said the attackers were able to exfiltrate some emails and attached documents from its system.
According to Microsoft, the hackers, who had access to its system from late November 2023 until they were discovered on January 12, 2024, were targeting information relating to themselves on Microsoft’s system.
The filing
Providing the details of the attack in the SEC filing, Microsoft said:
- “The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
- “Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium. As part of our ongoing commitment to responsible transparency as recently affirmed in our Secure Future Initiative (SFI), we are sharing this update.
- “Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.”
Microsoft added that its investigation indicates the attackers were initially targeting email accounts for information related to Midnight Blizzard itself.
The company said it was in the process of notifying employees whose email was accessed.
Customers not affected
The company, however, noted that the attack was not the result of a vulnerability in its products or services and said customers were not affected. According to Microsoft, to date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. Microsoft said it would notify its customers if any action is required.
- “This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.
- “As we said late last year when we announced Secure Future Initiative (SFI), given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk – the traditional sort of calculus is simply no longer sufficient.
- “For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might disrupt existing business processes,” the company stated.
Microsoft said this would likely cause some level of disruption while it adapts to this new reality, but that it is a necessary step, and only the first of several it would be taking to embrace this philosophy.