Russian hackers stole Microsoft corporate emails in month-long breach

January 19, 2024 at 07:23PM

Microsoft disclosed a breach of corporate email accounts, with data stolen by the Russian state-sponsored hacking group Midnight Blizzard, also known as Nobelium. The attack was detected on January 12th, and it was found that Nobelium accessed the accounts through a password spray attack in November 2023. The investigation is ongoing, and Microsoft is sharing details as appropriate. Nobelium is a Russian state-sponsored actor linked to various cyber attacks, including the 2020 SolarWinds supply chain attack impacting Microsoft.

Key takeaways:
1. Microsoft disclosed that some corporate email accounts were breached by the Russian state-sponsored hacking group Midnight Blizzard, also known as Nobelium or APT29.
2. The breach was detected on January 12th, and it has been determined that the attackers had access, for over a month, to a small percentage of corporate email accounts, including those of the leadership team and the cybersecurity and legal departments.
3. The attackers were able to steal emails and attachments from the breached corporate accounts.
4. The breach was not caused by a vulnerability in Microsoft’s products and services but by a brute force password attack on the accounts (the password spray described above).
5. Nobelium is a Russian state-sponsored actor linked to various cyberattacks, including the 2020 SolarWinds supply chain attack, breaches of Microsoft corporate accounts, and attacks on diplomats and government agencies.

These takeaways highlight the severity of the breach and the ongoing threat posed by state-sponsored hacking groups, particularly Nobelium, to Microsoft and other entities.
