CyberSecurityBoard
Sponsor Register Login

Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack

Shockwaves from the Russian government's hack of Microsoft's corporate infrastructure continue to spread with news that the software giant is notifying surprised customers that their emails were also stolen by the Midnight Blizzard hackers.
The mega-breach, which led to a US government investigation and a massive overhaul of Microsoft's security practices, was previously known to expose Microsoft source code and corporate emails but it appears that a larger base of the company's customers were among the victims.
According to published reports, Redmond's incident response team is providing a secure portal for customers to view specifics of emails stolen by the Midnight Blizzard threat actor.
While the full scope of the incident remains in flux, surprised customers posted screenshots of the latest Microsoft notifications on social media, confirming the hack had a broader impact on the company's customer base.
Midnight Blizzard/Nobelium is the same group that was attributed to hacking IT management solutions provider SolarWinds in a massive supply chain attack in 2020.


This Cyber News was published on www.securityweek.com. Publication date: Fri, 28 Jun 2024 18:13:05 +0000


Cyber News related to Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack

Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
1 year ago Cybersecuritynews.com Cozy Bear APT29
Star Blizzard increases sophistication and evasion in ongoing attacks - Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard. Star Blizzard has improved their detection evasion capabilities since 2022 while remaining ...
1 year ago Microsoft.com
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
1 year ago Darkreading.com Cozy Bear
Microsoft: Legacy account hacked by Russian APT had no MFA - Microsoft said the legacy test tenant account hacked by Russian nation-state threat actors this month did not have MFA enabled. According to the initial disclosure, the account compromised was a legacy, non-production test tenant account that threat ...
1 year ago Techtarget.com
Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack - Shockwaves from the Russian government's hack of Microsoft's corporate infrastructure continue to spread with news that the software giant is notifying surprised customers that their emails were also stolen by the Midnight Blizzard hackers. The ...
1 year ago Securityweek.com
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
1 year ago Bleepingcomputer.com Cozy Bear APT29
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
10 months ago Esecurityplanet.com
The Russians are coming! Err, they've already infiltrated The Register - Russia-backed attackers have named new targets for their ongoing phishing campaigns, with defense-industrial firms and energy facilities now in their sights, according to agencies of the Five Eyes alliance. In a joint security alert issued on ...
1 year ago Go.theregister.com
10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
5 months ago Cybersecuritynews.com
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard - The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further ...
1 year ago Msrc.microsoft.com
31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com
Microsoft Claims Russian Hackers are Attempting to Break into Company Networks. - Microsoft warned on Friday that hackers affiliated to Russia's foreign intelligence were attempting to break into its systems again, using data collected from corporate emails in January to seek new access to the software behemoth whose products are ...
1 year ago Cysecurity.news
How To Prioritize Threat Intelligence Alerts In A High-Volume SOC - This article explores practical strategies and frameworks for prioritizing threat intelligence alerts in high-volume SOC environments, helping security teams focus on what matters most while reducing alert fatigue and improving overall security ...
3 months ago Cybersecuritynews.com
Russia's 'Star Blizzard' APT Upgrades its Stealth, Only to Be Unmasked Again - After multiple exposures and disruptions, a Kremlin-sponsored advanced persistent threat actor has once again upgraded its evasion techniques. That move was also exposed this week, by Microsoft. Historically, it has focused its aim on public and ...
1 year ago Darkreading.com
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group - Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft ...
10 months ago Securityaffairs.com
CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts ...
1 year ago Cisa.gov
Star Blizzard New Evasion Techniques to Hijack Email Accounts - Hackers target email accounts because they contain valuable personal and financial information. Successful email breaches enable threat actors to:-. Cybersecurity researchers at Microsoft Threat Intelligence team recently unveiled that the Russian ...
1 year ago Gbhackers.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
1 year ago Cybersecuritynews.com
Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group - By taking decisive action against Star Blizzard, Microsoft and its partners reinforce international norms and demonstrate a commitment to protecting civil society and upholding the rule of law in cyberspace. Between January 2023 and August 2024, Star ...
10 months ago Gbhackers.com
TeamViewer breached by Russian state actor Midnight Blizzard - TeamViewer's corporate network was breached this week in an attack that the remote access software vendor attributed to Russian state-sponsored threat actor Midnight Blizzard. The company wrote at the time that it immediately began an investigation ...
1 year ago Techtarget.com Cozy Bear APT29
Unmasking Identity Theft: Detection and Mitigation Strategies - In an increasingly digital world, the threat of identity theft looms large, making it imperative for individuals to be proactive in detecting potential breaches and implementing effective mitigation measures. This article delves into key strategies ...
1 year ago Cybersecurity-insiders.com
15 Best Website Monitoring Tools in 2025 - What is Good ?What Could Be Better ?SolarWinds allows network, infrastructure, application, and other monitoring.SolarWinds’ security was questioned after a major breach.The platform’s interface is easy to set up and use.Basic monitoring ...
1 week ago Cybersecuritynews.com
15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
3 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)