Microsoft Targeted in Russian APT Attack: Emails and Attachments Stolen
In a shocking revelation, Microsoft announced on Friday that it had fallen victim to a nation-state attack on its corporate systems. The cyberattack resulted in the theft of emails and attachments belonging to senior executives and individuals in the company’s cybersecurity and legal departments. The tech giant attributed the attack to a Russian advanced persistent threat (APT) group known as Midnight Blizzard, also identified as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes.
Microsoft wasted no time in responding to the breach. Upon discovering the malicious activity on January 12, 2024, the company immediately launched an investigation and took steps to disrupt and mitigate the attack. It is estimated that the campaign began in late November 2023.
According to Microsoft, the threat actors gained access to a legacy non-production test tenant account through a password spray attack. Leveraging the account’s permissions, they were able to infiltrate a small percentage of Microsoft corporate email accounts, including those belonging to senior leadership and employees in cybersecurity, legal, and other departments. The attackers exfiltrated some emails and attached documents during the breach.
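How a password spray of the kind described above appears in sign-in logs from a defender's side, as an added example that is not from Microsoft or the original article: many accounts fail from one source, a few times each, and a success follows. The event layout, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, outcome).
# The tuple layout and account names are assumptions, not a real log schema.
SAMPLE_EVENTS = (
    [(f"2024-01-10T02:0{i}:00", "203.0.113.7", user, "fail")
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [("2024-01-10T02:06:00", "203.0.113.7", "legacy-test", "success")]
    # One account hammered repeatedly: brute force, not a spray.
    + [(f"2024-01-10T03:0{i}:00", "198.51.100.20", "bob", "fail") for i in range(8)]
    # An ordinary user mistyping once, then signing in.
    + [("2024-01-10T09:00:00", "192.0.2.50", "gina", "fail"),
       ("2024-01-10T09:00:20", "192.0.2.50", "gina", "success")]
)


def detect_spray(events, window=timedelta(hours=1), min_accounts=5, max_per_account=3):
    """Flag sources whose failures hit many accounts, few times each, in one window.

    Returns {source: {"targeted": [...], "succeeded": [...]}}.
    """
    by_source = defaultdict(list)
    for ts, source, user, outcome in events:
        by_source[source].append((datetime.fromisoformat(ts), user, outcome))

    findings = {}
    for source, rows in by_source.items():
        rows.sort()
        fails = [(t, u) for t, u, o in rows if o == "fail"]
        for i, (start, _) in enumerate(fails):
            # Count failures per account inside the window opening at this failure.
            per_account = defaultdict(int)
            for t, u in fails[i:]:
                if t - start > window:
                    break
                per_account[u] += 1
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                # A success from the same source in that window is a likely guessed password.
                hits = {u for t, u, o in rows
                        if o == "success" and start <= t <= start + window}
                findings[source] = {"targeted": sorted(per_account), "succeeded": sorted(hits)}
                break
    return findings


if __name__ == "__main__":
    for source, info in detect_spray(SAMPLE_EVENTS).items():
        print(source, "sprayed", len(info["targeted"]), "accounts; succeeded:", info["succeeded"])
```

Grouping by source address only catches a spray sent from one address; attempts spread across many addresses need grouping on other attributes, such as the time window or the client string.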
It is worth noting that Microsoft clarified that the attack was not a result of any security vulnerability in its products. Furthermore, there is no evidence to suggest that the hackers accessed customer environments, production systems, source code, or AI systems. The focus of the attack appears to have been gathering information related to Microsoft itself.
While Microsoft did not disclose the exact number of email accounts compromised or the specific information accessed, it said that it was in the process of notifying affected employees about the incident. This incident marks the second time that Midnight Blizzard has targeted Microsoft. In December 2020, they stole source code related to Azure, Intune, and Exchange components. Then, in June 2021, the group breached three Microsoft customers through password spraying and brute-force attacks.
The Microsoft Security Response Center (MSRC) emphasized that this attack underscores the ongoing risk posed by well-resourced nation-state threat actors like Midnight Blizzard. It serves as a reminder that organizations must remain vigilant and take proactive measures to protect their systems and data from sophisticated cyber threats.
As the cybersecurity landscape continues to evolve, it is crucial for companies to prioritize robust security measures and stay one step ahead of malicious actors. Microsoft’s swift response and commitment to investigating and mitigating the attack demonstrate the company’s dedication to safeguarding its systems and customer data.