Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard.
The company detected the attack on January 12th and initiated its response to investigate, disrupt, and mitigate the breach.
Their investigation has determined that they were breached by the threat actor known as Midnight Blizzard, aka Nobelium or APT29.
Microsoft says the threat actors breached its systems in November 2023, when they conducted a password spray attack to gain access to a legacy non-production test tenant account.
Using this account's permissions, Nobelium was able to access a small percentage of Microsoft's corporate email accounts for over a month, including those of members of the leadership team and of employees in the cybersecurity and legal departments.
This access allowed the attackers to steal emails and attachments from the corporate accounts.
Microsoft reiterates that this breach was not caused by a vulnerability in their products and services but rather by a brute force password attack on their accounts.
While Microsoft is still investigating the breach, they said they will share additional details as appropriate.
Nobelium is a Russian state-sponsored actor believed to be behind the 2020 SolarWinds supply chain attack, which also impacted Microsoft.
Microsoft later confirmed that the SolarWinds attack allowed the hackers to steal source code for a limited number of Azure, Intune, and Exchange components.
In June 2021, the hacking group breached a Microsoft corporate account again, allowing them to access customer support tools.
The hacking group is believed to be part of Russia's Foreign Intelligence Service and has been linked to numerous attacks worldwide, including attacks on diplomats and government agencies.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 20 Jan 2024 00:05:17 +0000