January 19, 2024 at 07:54PM
Russian government-backed hackers infiltrated Microsoft’s network, accessing senior executives’ emails and attachments in cybersecurity and legal departments. Microsoft’s security team detected the attack in January 2024, tracing it back to November 2023. The intrusion did not exploit vulnerabilities in Microsoft’s products or access customer environments. The company will notify customers if needed and enhance security measures.
Key takeaways from the meeting notes are as follows:
1. Microsoft disclosed that the Russian government-backed hacking group, known as Midnight Blizzard/Nobelium, successfully breached its corporate network and accessed emails and attachments belonging to senior executives and targets in the cybersecurity and legal departments.
2. The attack was initiated through a password spray attack on a legacy non-production test tenant account, allowing the hackers to access a small percentage of Microsoft corporate email accounts and exfiltrate emails and documents.
3. Microsoft’s security team detected the nation-state attack on their corporate systems in January 12, 2024, and traced the infection back to November 2023. Senior leadership team members were among the victims targeted by the hackers.
4. The company clarified that the attack was not due to a vulnerability in Microsoft products or services, and there is currently no evidence that the threat actor had access to customer environments, production systems, source code, or AI systems.
5. Microsoft announced immediate actions to apply current security standards to owned legacy systems and internal business processes, anticipating some disruption during the adaptation phase.
6. The company also highlighted ongoing investigations and commitment to taking additional actions based on the outcomes, including collaboration with law enforcement and appropriate regulators.
7. The discovery of Russian hackers in Microsoft’s network follows a previous incident involving Chinese cyberspies using stolen Azure AD enterprise signing key to break into M365 email inboxes, leading to the theft of email data from around 25 US government organizations.
These takeaways summarize the key details and implications of the security breach and the actions being taken by Microsoft to address the situation.