Microsoft was attacked by the Russian hacking group Midnight Blizzard, which reportedly broke into its corporate networks on January 12 and stole some sensitive emails and documents from its staff accounts.
The company reported that luckily the hackers only managed to access “a very small percentage” of its corporate email accounts, but the breached accounts unfortunately included those of some of its senior leaders and employees in charge of cybersecurity, legal, and other critical functions.
According to Reuters, Midnight Blizzard is a notorious state-sponsored cyberespionage group that has been linked to Russia’s spy agency. The group is also known as APT29, Nobelium, or Cozy Bear.
Microsoft further reports that the hackers were initially interested in discovering what Microsoft knew about their activities and operations. They apparently used a “password spray attack” technique, which consists of trying the same compromised password against multiple related accounts, to breach a Microsoft platform back in November 2023.
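A defender-side illustration of the pattern described above, added here as an example and not taken from Microsoft or the original article: it flags a source that fails sign-in against many accounts with only a few attempts each. The log format, function names, thresholds and sample events are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: timestamp, source address, account, outcome.
SAMPLE_LOG = """\
2024-01-10T09:00:05 198.51.100.7 alice FAIL
2024-01-10T09:01:10 198.51.100.7 bob FAIL
2024-01-10T09:02:15 198.51.100.7 carol FAIL
2024-01-10T09:03:20 198.51.100.7 dave FAIL
2024-01-10T09:04:25 198.51.100.7 erin FAIL
2024-01-10T09:05:30 198.51.100.7 svc-test FAIL
2024-01-10T09:06:00 203.0.113.9 bob FAIL
2024-01-10T09:06:02 203.0.113.9 bob FAIL
2024-01-10T09:06:04 203.0.113.9 bob FAIL
2024-01-10T09:06:06 203.0.113.9 bob FAIL
2024-01-10T09:10:00 192.0.2.15 alice FAIL
2024-01-10T09:10:20 192.0.2.15 alice OK
"""

def parse(log):
    """Yield (timestamp, source, account, outcome) from whitespace-separated lines."""
    for line in log.splitlines():
        ts, src, user, outcome = line.split()
        yield datetime.fromisoformat(ts), src, user, outcome

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Map each spray-shaped source to the accounts it failed against.

    Spray shape: within one window, failures against many distinct accounts
    with only a few attempts per account (the opposite of brute force).
    """
    failures = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            failures[src].append((ts, user))
    flagged = {}
    for src, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window start forward
            per_account = Counter(user for _, user in items[start:end + 1])
            wide = len(per_account) >= min_accounts
            shallow = max(per_account.values()) <= max_per_account
            if wide and shallow and len(per_account) > len(flagged.get(src, ())):
                flagged[src] = sorted(per_account)
    return flagged

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

Grouping by source address alone misses a spray spread across many addresses, so the same counting is worth repeating with other keys available in the sign-in log.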
According to Interesting Engineering, Microsoft detected and disrupted the malicious activity and blocked the hackers’ access to its systems, claiming that the attack was not caused by any specific vulnerability in its products or services and that there was no evidence that the hackers had access to customer environments, production systems, source code, or AI systems.
Microsoft’s blog post stated that the attack highlights the continued risk posed to all organizations by well-resourced nation-state threat actors like Midnight Blizzard.
The disclosure of this breach follows a new regulation by the US Securities and Exchange Commission that requires publicly traded companies to report cyber incidents within four business days of discovery and to disclose the breach’s time, scope, and nature to the government.