
Russian hackers spy on Microsoft executives, says tech giant Microsoft

TLDR

Microsoft announced that a Russian state-sponsored hacker group, known as “Midnight Blizzard,” breached its corporate systems on January 12, stealing some emails and documents from staff accounts. The group targeted Microsoft to gain information about its operations. Microsoft’s threat research team has been investigating the group, which used a “password spray attack” to breach the company’s platform. Microsoft conducted an investigation and disrupted the malicious activity, blocking the group’s access to its systems. The attack did not compromise customer environments, production systems, source code, or AI systems. The disclosure follows a new regulatory requirement by the US Securities and Exchange Commission (SEC) for publicly owned companies to promptly disclose cyber incidents.

Key Points

  • A Russian state-sponsored hacker group breached Microsoft’s corporate systems, stealing emails and documents.
  • The group targeted Microsoft to gain information about its operations.
  • Microsoft’s threat research team has been investigating the group, known as “Midnight Blizzard.”
  • The hackers used a “password spray attack” to breach Microsoft’s platform.
  • Microsoft conducted an investigation and disrupted the malicious activity, blocking the group’s access to its systems.
  • The attack did not compromise customer environments, production systems, source code, or AI systems.
  • A new regulatory requirement mandates that publicly owned companies promptly disclose cyber incidents.

Microsoft announced that a Russian state-sponsored group known as “Midnight Blizzard” hacked into its corporate systems on January 12, stealing some emails and documents from staff accounts. The breach affected a small percentage of Microsoft’s corporate email accounts, including those of senior leadership and employees in cybersecurity, legal, and other functions. The hackers used a technique called a “password spray attack,” infiltrating the company’s systems by using the same compromised password against multiple related accounts.
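The password spray pattern the article describes (one password tried across many accounts, rather than many guesses against one account) is what a defender looks for in sign-in logs. As an added illustration, not code from the article or from Microsoft, the following Python flags sources that hit many distinct accounts with few attempts each; the log lines, IP addresses and account names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (timestamp, source IP, account, outcome).
# These are made-up lines for the example, not from any real disclosure.
SAMPLE_LOG = """\
2024-01-10T02:00:01Z 203.0.113.7 alice@example.test FAIL
2024-01-10T02:00:03Z 203.0.113.7 bob@example.test FAIL
2024-01-10T02:00:05Z 203.0.113.7 carol@example.test FAIL
2024-01-10T02:00:08Z 203.0.113.7 dave@example.test FAIL
2024-01-10T02:00:11Z 203.0.113.7 erin@example.test FAIL
2024-01-10T02:00:14Z 203.0.113.7 legacy-test@example.test SUCCESS
2024-01-10T02:01:00Z 198.51.100.9 alice@example.test FAIL
2024-01-10T02:01:20Z 198.51.100.9 alice@example.test FAIL
2024-01-10T02:01:40Z 198.51.100.9 alice@example.test SUCCESS
"""

def parse(log):
    """Turn the space-separated lines into (datetime, ip, account, outcome) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {source_ip: sorted accounts} for sources that tried at least
    `min_accounts` distinct accounts, each at most `max_per_account` times,
    inside `window`. Repeated guesses against a single account (classic
    brute force) deliberately do not match this rule."""
    by_ip = defaultdict(list)
    for ts, ip, user, _ in events:
        by_ip[ip].append((ts, user))
    hits = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            per_user = defaultdict(int)
            for ts, user in attempts[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                hits[ip] = sorted(per_user)
                break
    return hits

def sprayed_accounts_that_succeeded(events, hits):
    """Accounts a flagged source actually signed into: the first ones to disable and review."""
    return sorted({u for _, ip, u, o in events if ip in hits and o == "SUCCESS"})
```

Thresholds are deliberately parameters: the right values depend on the tenant's normal sign-in volume, and the successful-login list is the starting point for credential resets and session revocation.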

The Russian hackers were initially targeting Microsoft to gather information about the company’s operations. Microsoft’s threat research team, which routinely investigates nation-state hackers, has been analyzing the activities of “Midnight Blizzard” to identify the responsible individuals. The company’s investigation revealed that the hackers launched the attack in November 2023.

Microsoft conducted a thorough investigation into the breach and was able to disrupt the malicious activity, blocking the hackers’ access to its systems. The company stated that the attack did not compromise customer environments, production systems, source code, or AI systems. There is no evidence to suggest that the hackers had access to these critical components of Microsoft’s infrastructure.

The disclosure of the breach comes as a result of a new regulatory requirement by the US Securities and Exchange Commission (SEC). The SEC now mandates that publicly owned companies promptly disclose cyber incidents. Companies affected by a breach must file a report within four business days of discovery, providing details about the time, scope, and nature of the breach to the government.

“Midnight Blizzard,” also known as APT29, Nobelium, or Cozy Bear, is a hacker group linked to Russia’s SVR spy agency. They are best known for their intrusion into the Democratic National Committee during the 2016 US election. The group’s activities pose a significant risk to organizations, and Microsoft emphasized the threat posed by well-resourced nation-state actors like “Midnight Blizzard.”

In conclusion, Microsoft experienced a breach by a Russian state-sponsored group targeting its corporate systems. The breach resulted in the theft of some emails and documents, but no customer environments or critical systems were compromised. Microsoft was able to disrupt the malicious activity and block the hackers’ access to its systems. The disclosure follows a new regulatory requirement for prompt disclosure of cyber incidents by publicly owned companies.
