Microsoft's corporate systems were compromised back in late November by the same Russian nation-state actor behind the 2020 SolarWinds Orion software supply chain cyberattack, known to Microsoft threat researchers as Midnight Blizzard.
The breach wasn't detected until Jan. 12, the company said.
Breached email accounts included those belonging to senior leadership, as well as members of the cybersecurity and legal teams, among others, Microsoft said.
Apparently, the Nobelium attacker was poking around for information Microsoft had on their operation.
In its statement, Microsoft vowed a cybersecurity overhaul of its legacy systems, regardless of the impact to operations.
The successful cyberattack against Microsoft should remind cybersecurity teams not to overlook sensitive information contained in less critical systems like email and file sharing, according to a statement from Omri Weinberg, co-founder of DoControl.
The fact that the Russian nation-state actor was able to maintain persistence in Microsoft's systems for so long also shows a lack of attention to cloud logging, according to Arie Zilberstein, co-founder and CEO of Gem Security.
The Nobelium APT has harried Microsoft and its services before.
Last summer, the group launched Teams phishing attacks against government and industrial organizations using compromised Microsoft 365 tenants.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 22 Jan 2024 22:00:22 +0000