An attack on Microsoft by Russian hackers had further implications than initially reported. The tech giant is notifying additional individuals that emails between them and Microsoft were accessed, Bloomberg reports. A group known as Midnight Blizzard or Nobelium orchestrated this attack, along with the 2020 SolarWinds hack. The US government has previously linked Midnight Blizzard to the Russian Foreign Intelligence Service.
Microsoft previously informed some individuals that their emails were viewed, but the company is now sharing specifics. “This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” a Microsoft spokesperson stated. “This is increased detail for customers who have already been notified and also includes new notifications.” Microsoft is making customers aware via email, which initially led to concerns that the notification was a phishing scam.
Microsoft first disclosed the hack in January, stating that a password spray attack gained the group access to “a very small percentage of Microsoft corporate email accounts” in late 2023. Employees with compromised emails included members of the senior leadership, cybersecurity and legal teams.
At the time, Microsoft said vulnerabilities in its systems were not to blame for the attack but that it would be improving security. However, the US government has brought the heat against Microsoft, with a March report from the Cyber Safety Review Board finding the company’s “security culture was inadequate and requires an overhaul.” In April, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an order requiring federal agencies to analyze hacked emails and secure Microsoft cloud accounts, among other measures. CISA notified all impacted agencies and required them to provide regular updates on the steps taken to thwart this “grave and unacceptable risk.”
