Russian hackers breached Microsoft to steal corporate emails

January 19, 2024 at 07:08PM

Microsoft confirmed a breach of corporate email accounts by the Russian state-sponsored group Midnight Blizzard. The attack, detected on January 12th, 2023, began with a password spray attack in November 2023. The attackers had access to leadership team and legal department emails for over a month, enabling theft of emails and attachments. Nobelium, also known as APT29, is identified as the actor and is associated with previous cyberattacks, including the 2020 SolarWinds supply chain breach. Microsoft will share findings from its ongoing investigations.

Key takeaways:

1. Microsoft disclosed that some of its corporate email accounts were breached by the Russian state-sponsored hacking group Midnight Blizzard.
2. The breach was detected on January 12th, with Microsoft initiating a response to investigate, disrupt, and mitigate the breach.
3. The attackers gained access to Microsoft’s corporate email accounts through a password spray attack on a legacy non-production test tenant account in November 2023.
4. The attackers accessed emails and attachments from the breached corporate accounts.
5. Microsoft confirmed that the breach was not caused by a vulnerability in their products and services, but rather by a brute force password attack on their accounts.
6. Nobelium is a Russian state-sponsored actor believed to be behind the 2020 SolarWinds supply chain attack, which also impacted Microsoft. The group also breached a Microsoft corporate account in June 2021 and is believed to be linked to Russia’s Foreign Intelligence Service (SVR), responsible for attacks on diplomats and government agencies worldwide.