Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.
As part of our ongoing commitment to responsible transparency as recently affirmed in our Secure Future Initiative, we are sharing this update.
Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.
The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.
We are in the process of notifying employees whose email was accessed.
The attack was not the result of a vulnerability in Microsoft products or services.
To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.
This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.
As we said late last year when we announced Secure Future Initiative, given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk - the traditional sort of calculus is simply no longer sufficient.
For Microsoft, this incident has highlighted the urgent need to move even faster.
We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.
This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy.
We are continuing our investigation and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators.
We are deeply committed to sharing more information and our learnings, so that the community can benefit from both our experience and observations about the threat actor.


This Cyber News was published on msrc.microsoft.com. Publication date: Fri, 19 Jan 2024 22:13:04 +0000


Cyber News related to Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
9 months ago Cybersecuritynews.com
Star Blizzard increases sophistication and evasion in ongoing attacks - Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard. Star Blizzard has improved their detection evasion capabilities since 2022 while remaining ...
1 year ago Microsoft.com
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
10 months ago Darkreading.com
Microsoft: Legacy account hacked by Russian APT had no MFA - Microsoft said the legacy test tenant account hacked by Russian nation-state threat actors this month did not have MFA enabled. According to the initial disclosure, the account compromised was a legacy, non-production test tenant account that threat ...
10 months ago Techtarget.com
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard - The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further ...
11 months ago Msrc.microsoft.com
The Russians are coming! Err, they've already infiltrated The Register - Russia-backed attackers have named new targets for their ongoing phishing campaigns, with defense-industrial firms and energy facilities now in their sights, according to agencies of the Five Eyes alliance. In a joint security alert issued on ...
1 year ago Go.theregister.com
TeamViewer breached by Russian state actor Midnight Blizzard - TeamViewer's corporate network was breached this week in an attack that the remote access software vendor attributed to Russian state-sponsored threat actor Midnight Blizzard. The company wrote at the time that it immediately began an investigation ...
5 months ago Techtarget.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
10 months ago Bleepingcomputer.com
Microsoft Claims Russian Hackers are Attempting to Break into Company Networks. - Microsoft warned on Friday that hackers affiliated to Russia's foreign intelligence were attempting to break into its systems again, using data collected from corporate emails in January to seek new access to the software behemoth whose products are ...
9 months ago Cysecurity.news
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
10 months ago Bleepingcomputer.com
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group - Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft ...
2 months ago Securityaffairs.com
CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts ...
8 months ago Cisa.gov
Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack - Shockwaves from the Russian government's hack of Microsoft's corporate infrastructure continue to spread with news that the software giant is notifying surprised customers that their emails were also stolen by the Midnight Blizzard hackers. The ...
5 months ago Securityweek.com
Microsoft breached by Russian APT behind SolarWinds attack - Midnight Blizzard, previously referred to as Nobelium, is best known as the threat actor behind the infamous supply chain attack against SolarWinds in late 2020. The advanced persistent threat group, more commonly known as Cozy Bear and APT29, ...
10 months ago Techtarget.com
Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report - To illuminate the evolving digital threat landscape and help the cyber community understand today's most pressing threats, we released our annual Microsoft Digital Defense Report. This year's report focuses on five key topics: cybercrime, ...
1 year ago Csoonline.com
Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group - By taking decisive action against Star Blizzard, Microsoft and its partners reinforce international norms and demonstrate a commitment to protecting civil society and upholding the rule of law in cyberspace. Between January 2023 and August 2024, Star ...
2 months ago Gbhackers.com
Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza - Cyberattack activity in the Israel-Hamas war has shown a decided lack of sophistication, and researchers warn that nation-state attackers are more involved than originally thought. That's in stark contrast to state-sponsored advanced persistent ...
1 year ago Darkreading.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Microsoft Falls Victim to Russia-Backed 'Midnight Blizzard' Cyberattack - Microsoft's corporate systems were compromised back in late November by the same Russian nation-state actor behind the 2020 SolarWinds Orion software supply chain cyberattack, known to Microsoft threat researchers as Midnight Blizzard. The breach ...
10 months ago Darkreading.com
Russia's 'Star Blizzard' APT Upgrades its Stealth, Only to Be Unmasked Again - After multiple exposures and disruptions, a Kremlin-sponsored advanced persistent threat actor has once again upgraded its evasion techniques. That move was also exposed this week, by Microsoft. Historically, it has focused its aim on public and ...
1 year ago Darkreading.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
10 months ago Microsoft.com
Star Blizzard New Evasion Techniques to Hijack Email Accounts - Hackers target email accounts because they contain valuable personal and financial information. Successful email breaches enable threat actors to:-. Cybersecurity researchers at Microsoft Threat Intelligence team recently unveiled that the Russian ...
1 year ago Gbhackers.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
11 months ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
11 months ago Bleepingcomputer.com
Microsoft Says State-Sponsored Attackers Accessed Senior Leaders' Emails - Microsoft disclosed on Jan. 19 that a nation-state backed attack occurred beginning in November 2023 in which the Russian state-sponsored threat actor group Midnight Blizzard accessed some Microsoft corporate emails and documents through compromised ...
10 months ago Techrepublic.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)