Microsoft has disclosed that a Russian hacking group, identified as Midnight Blizzard, infiltrated the email accounts of some of its senior leaders. This breach, part of a larger cyber-attack, was first detected by Microsoft's security team on January 12, 2024.
This incident echoes the notorious SolarWinds breach in 2020, a significant cyber intrusion also attributed to the same group. Midnight Blizzard, also known as Nobelium, has a history of sophisticated cyber-attacks. The Microsoft Security Response Center, in a recent blog post, described its response, which mitigated the attack and cut off the attackers' further access.
However, the damage was already done. Hackers had gained access to a "very small percentage" of email accounts, some of which belonged to members of Microsoft's senior leadership team, as well as employees in its cybersecurity and legal departments.
The Nature of the Breach
The breach's implications are still being unraveled. Microsoft confirmed that the hackers successfully exfiltrated some emails and attached documents. Intriguingly, the preliminary investigation suggests that the attackers were primarily interested in information related to Midnight Blizzard itself.
This pattern of seeking insight into the response to their own intrusions is reminiscent of their strategy during the SolarWinds hack. The method of this breach was a "password spray attack," in which a small number of commonly used passwords is tried against a large number of accounts, rather than many passwords against one account.
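A defender-side check for the sign-in pattern described above, written as an added example that is not from the article or from Microsoft: it scans constructed sign-in records for one source failing against many distinct accounts with only a few attempts each (the spray signature, as opposed to many failures on one account), and then lists accounts that nevertheless signed in successfully from that source.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (not from the article): timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z 203.0.113.7 alice@example.test FAIL
2024-01-12T03:00:04Z 203.0.113.7 bob@example.test FAIL
2024-01-12T03:00:07Z 203.0.113.7 carol@example.test FAIL
2024-01-12T03:00:10Z 203.0.113.7 dave@example.test FAIL
2024-01-12T03:00:13Z 203.0.113.7 erin@example.test FAIL
2024-01-12T03:00:16Z 203.0.113.7 frank@example.test SUCCESS
2024-01-12T03:05:00Z 198.51.100.9 alice@example.test FAIL
2024-01-12T03:05:02Z 198.51.100.9 alice@example.test FAIL
2024-01-12T03:05:04Z 198.51.100.9 alice@example.test FAIL
2024-01-12T09:00:00Z 192.0.2.50 bob@example.test FAIL
"""

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, src, account, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, account, outcome))
    return events

def find_password_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    # Spray signature: many accounts failing from one source, few attempts per account.
    fails = defaultdict(list)
    for ts, src, account, outcome in events:
        if outcome == "FAIL":
            fails[src].append((ts, account))
    hits = {}
    for src, attempts in fails.items():
        attempts.sort()
        in_window = Counter()  # failures per account inside the sliding window
        start = 0
        for ts, account in attempts:
            in_window[account] += 1
            while ts - attempts[start][0] > window:  # drop attempts older than the window
                old = attempts[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_accounts and max(in_window.values()) <= max_per_account:
                hits[src] = sorted(in_window)
    return hits

def successes_from(events, sources):
    # Accounts that signed in successfully from a spraying source need review.
    return sorted({a for _, src, a, out in events if src in sources and out == "SUCCESS"})
```

The single-account burst from 198.51.100.9 is deliberately not flagged here; it is a brute-force pattern that a separate per-account threshold should catch.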
Microsoft's ongoing investigation is conducted in collaboration with law enforcement and regulatory bodies. The company has also begun notifying affected employees and has stated there is currently no evidence of the hackers accessing customer environments or AI systems.
This latest incident underscores the persistent risk posed by well-resourced nation-state threat actors like Midnight Blizzard. Despite the sophistication of Microsoft's cybersecurity measures, the attack highlights the need for constant vigilance in the face of evolving cyber threats.
The Cybersecurity and Infrastructure Security Agency has yet to comment on the hack. The FBI, however, in a statement to CNN, acknowledged the incident, emphasizing their collaboration with federal partners in providing assistance.