Microsoft announced on Friday that its internal systems were breached by a Russian state-sponsored hacker group known as “Midnight Blizzard.” The attack, which began with a password spray attack in November 2023, resulted in unauthorized access to a small percentage of the company’s corporate email accounts, including those of senior leadership team members.
Microsoft’s threat research team, which routinely investigates nation-state hackers, identified the group responsible for this breach. The hackers, also known as APT29, Nobelium, or Cozy Bear, are reportedly linked to Russia’s SVR spy agency and are notorious for their involvement in the 2016 Democratic National Committee intrusions.
The technology giant disclosed that the breach was not due to any specific vulnerability in its products or services. Instead, the attackers employed a sophisticated technique, infiltrating systems by trying a compromised password against multiple accounts (the password spray noted above). Despite the breach, Microsoft said there is no evidence that the threat actor accessed customer environments, production systems, source code, or AI systems.
The incident came to light under a new US Securities and Exchange Commission (SEC) regulatory requirement that publicly owned companies disclose cyber incidents within four business days of discovery. Microsoft’s prompt disclosure aligns with these guidelines, providing details on the scope and nature of the breach.
This attack underlines the persistent threat posed by well-resourced nation-state actors like Midnight Blizzard. Microsoft’s response involved a thorough investigation of the incident, successfully disrupting the malicious activity and blocking the group’s access to its systems.
The Russian Embassy in Washington and the Ministry of Foreign Affairs have not responded to requests for comment on the matter. The incident has raised concerns over cybersecurity practices, especially considering the widespread use of Microsoft products across the US government. This breach follows a security lapse last year in which Chinese hackers accessed emails of senior US State Department officials, drawing criticism of Microsoft’s security measures.
The ongoing cybersecurity threats underscore the need for robust security protocols and vigilant monitoring to safeguard against sophisticated nation-state cyberattacks.