Microsoft announced that a Russian-sponsored hacking group compromised multiple email accounts belonging to some of the company's top executives. The company first announced the attack in a regulatory filing today.
More details about the attack were published on the Microsoft Security Response Center blog. It noted that back in November 2023, the hacking group known as Nobelium and MidnightBlizzard "compromised a legacy non-production test tenant account using a password spray attack." The cyberattack successfully accessed a number of corporate email accounts.
Microsoft said the email accounts were used by "members of our senior leadership team and employees in cybersecurity, legal and other functions." The group also "leaked a number of emails and attached documents."
The company said it only became aware of the attack last week (January 12). The company has taken steps to "mitigate the attack and block further access by the threat actors." Microsoft added: The attack was not caused by a vulnerability in Microsoft products or services. To date, there is no evidence that this threat actor had access to customer environments, production systems, source code, or artificial intelligence systems.
In November, Microsoft announced new measures to improve digital security after hackers from China breached Outlook-based government email accounts in the United States and Europe. The Secure Future Initiative will use new and improved methods to detect cyber threats faster, including the use of artificial intelligence-based measures.
Today, Microsoft said that a new Nobelium-MidnightBlizzard attack on its own systems "highlights the urgent need to act faster." Microsoft added: We will take immediate action to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even if these changes may cause disruption to existing business processes.
The company also said it will cooperate with law enforcement and regulators as it continues to investigate the cyberattack and will provide more details "in due course."
learn more:
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/