Microsoft recently disclosed that a Russian state-sponsored group, identified as ‘Midnight Blizzard’ or APT29, orchestrated a cyberattack on the company’s corporate systems, compromising the email accounts of key personnel. The intrusion, which began in late November, was only detected on January 12, according to a blog post by the American multinational technology corporation.
A small percentage of Microsoft’s corporate accounts were accessed during the breach, with the targeted accounts belonging to members of the company’s leadership team, as well as employees in the cybersecurity and legal departments. Microsoft emphasized that the intrusion did not result from a specific vulnerability in its products or services.
The highly skilled Russian hacking team responsible for the infamous SolarWinds breach was identified as the perpetrator of this recent attack. Beginning in November 2023, the hackers used a sophisticated technique known as a “password spray attack.” This method involves trying a compromised password against multiple related accounts to infiltrate a company’s systems.
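For defenders, the sign-in pattern described above (one source touching many accounts, with only a try or two per account) can be flagged from authentication logs. The sketch below is an added example, not code from Microsoft's blog post or this article; the log format, thresholds, account names and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: "timestamp source_ip account result"
SAMPLE_LOG = """\
2024-01-05T02:00:05 203.0.113.7 alice FAIL
2024-01-05T02:00:40 203.0.113.7 bob FAIL
2024-01-05T02:01:15 203.0.113.7 carol FAIL
2024-01-05T02:01:50 203.0.113.7 dave FAIL
2024-01-05T02:02:25 203.0.113.7 frank SUCCESS
2024-01-05T09:10:00 198.51.100.20 erin FAIL
2024-01-05T09:10:20 198.51.100.20 erin FAIL
2024-01-05T09:10:45 198.51.100.20 erin FAIL
2024-01-05T09:11:05 198.51.100.20 erin SUCCESS
"""

def parse(log):
    """Yield (timestamp, source_ip, account, result) from the assumed format."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, account, result = line.split()
            yield datetime.fromisoformat(ts), ip, account, result

def detect_spray(log, window=timedelta(minutes=10), min_accounts=4, max_tries=2):
    """Flag sources that touch many accounts with few tries each in a window.

    Many tries against one account (erin above) is ordinary guessing or a
    forgotten password, not a spray, so it is deliberately not flagged here.
    Grouping is by source IP only; a spray spread over many addresses would
    need grouping on another key (an assumption of this sketch).
    """
    by_ip = defaultdict(list)
    for ts, ip, account, result in parse(log):
        by_ip[ip].append((ts, account, result))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # slide the window forward
            in_window = events[start:end + 1]
            tries = defaultdict(int)
            for _, account, _ in in_window:
                tries[account] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                alert = alerts.setdefault(ip, {"targeted": set(), "succeeded": set()})
                alert["targeted"].update(tries)
                # Accounts that authenticated during the spray need review first.
                alert["succeeded"].update(a for _, a, r in in_window if r == "SUCCESS")
    return alerts

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```
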
Microsoft’s investigation into the breach revealed that the hackers aimed to learn more about the company’s knowledge of their operations. The stolen data included some emails and attached documents, but the company said there is no evidence that the threat actors gained access to customer environments, production systems, source code, or AI systems.
‘Midnight Blizzard,’ also known as APT29 or Cozy Bear, is linked to Russia’s SVR spy agency and gained notoriety for its intrusion into the Democratic National Committee during the 2016 US elections. Microsoft clarified that the attack does not appear to have compromised any US government agencies or critical infrastructure.
Despite the breach, Microsoft affirmed its commitment to bolstering cybersecurity measures and highlighted the ongoing risk posed by well-resourced nation-state threat actors like ‘Midnight Blizzard.’ The company urged organizations to remain vigilant against such sophisticated cyber threats.
Both the Russian embassy in Washington and the ministry of foreign affairs have yet to respond to requests for comment on the allegations. The incident comes at a time when concerns about cybersecurity vulnerabilities and nation-state cyber threats continue to escalate globally.
Sources By Agencies