On January 12, Microsoft’s security team detected and swiftly responded to a cyberattack. In a blog post, the tech giant detailed its immediate actions to investigate and mitigate the attack, ultimately blocking the attacker from further access.
The attack was attributed to Midnight Blizzard, a group recognized as a Russian state-sponsored actor, also known as Nobelium. According to Microsoft, this group initiated its attack in late November 2023 using a password spray technique. The attackers targeted a legacy non-production test tenant account to gain initial entry into Microsoft’s systems.
Despite the intrusion, Midnight Blizzard accessed only a minimal portion of Microsoft’s corporate email accounts. This included some senior leadership and employees in cybersecurity, legal, and other departments. The attackers managed to exfiltrate a number of emails and attached documents. Microsoft emphasized that this breach was not due to any vulnerability in its products or services.
In light of this attack, Microsoft referenced its Secure Future Initiative, launched last year. The company acknowledged the challenges posed by well-resourced nation-state threat actors and the need for a shift in the balance between security and business risk. Microsoft stated that traditional approaches to this balance are no longer adequate, and this incident underscores the necessity for more rapid progress in cybersecurity measures. This development comes as Microsoft continues to enhance its cybersecurity division, despite past criticisms regarding its security track record.