Microsoft disclosed that it fell victim to a cyberattack orchestrated by a Russian-backed group, identified as Midnight Blizzard or “the Russian state-sponsored actor also known as Nobelium.”
The attack, detected by Microsoft’s security team on January 12, exposed the vulnerabilities of some corporate email accounts.
The November Password Spray Attack Technique Revealed
The group allegedly employed a “password spray attack” in late November, a technique involving the use of a single common password against multiple accounts on the same application.
This tactic allowed them to compromise a legacy non-production test tenant account, gaining a foothold in Microsoft’s systems.
According to Microsoft, the attackers then utilized the account’s permissions to access a small percentage of corporate email accounts, including those belonging to senior leadership, cybersecurity professionals, legal staff, and others.
The group exfiltrated some emails and attached documents during the breach.
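A password spray looks different in sign-in logs from a brute-force attempt on one account: one source fails against many accounts, with only one or two tries per account. The following detection sketch is an added example, not code from Microsoft or from the original article. The event layout, account names, IP addresses, and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0)  # constructed base time

def _ev(minute, src, account, ok):
    return (T0 + timedelta(minutes=minute), src, account, ok)

# Constructed sample sign-in events: (time, source IP, account, success?).
# IPs are documentation ranges; account names are made up.
EVENTS = (
    [_ev(2 * i, "203.0.113.7", a, False)
     for i, a in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [_ev(10, "203.0.113.7", "svc-test", True)]                   # spray, then a hit
    + [_ev(i, "198.51.100.9", "frank", False) for i in range(8)]   # one-account brute force
    + [_ev(3, "192.0.2.10", "bob", False), _ev(4, "192.0.2.10", "bob", True)]  # user typo
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources whose failures in one window span many accounts, few tries each."""
    fails, wins = defaultdict(list), defaultdict(set)
    for ts, src, account, ok in events:
        if ok:
            wins[src].add(account)
        else:
            fails[src].append((ts, account))
    flagged = {}
    for src, rows in fails.items():
        rows.sort()
        start, best = 0, []
        for end in range(len(rows)):
            # Slide the window start forward until it covers at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = Counter(acct for _, acct in rows[start:end + 1])
            if (len(counts) >= min_accounts and max(counts.values()) <= max_per_account
                    and len(counts) > len(best)):
                best = sorted(counts)
        if best:
            # Any success from a flagged source (at any time in the log) is an
            # account to reset and review first.
            flagged[src] = {"targeted": best, "succeeded": sorted(wins[src])}
    return flagged

if __name__ == "__main__":
    for src, hit in detect_spray(EVENTS).items():
        print(src, hit)
```

Grouping by source IP is a simplification: a spray spread across many source addresses needs the same counting keyed on another shared attribute, such as user agent or target application.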
Microsoft Thwarts Cyberattack, Revokes Access to Compromised Email Accounts
Microsoft took swift action, successfully revoking the hackers’ access to the compromised email accounts on January 13, as reported in a filing with the Securities and Exchange Commission (SEC).
Despite the intrusion, Microsoft reassured stakeholders that there is currently no evidence indicating the threat actor accessed customer environments, production systems, source code, or AI systems.
The company pledged to notify customers promptly if any remedial actions are deemed necessary.
The investigation is ongoing and aims to uncover additional details about the extent of the breach and its potential impacts.
Microsoft is committed to keeping affected users informed about the incident as the situation develops.
This breach underscores the persistent threat of cyberattacks from state-sponsored actors and the critical importance of robust cybersecurity measures in safeguarding sensitive corporate information.
The incident serves as a reminder for organizations to remain vigilant, continually update security protocols, and swiftly respond to potential threats to protect against future cyber risks.