Microsoft recently detected an attack on its corporate systems by the Russian state-sponsored actor known as Nobelium, also referred to as Midnight Blizzard. The attack, discovered on January 12, 2024, prompted an immediate activation of Microsoft’s response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.
The investigation revealed that the threat actor used a password spray attack in late November 2023 to compromise a legacy non-production test tenant account. Subsequently, they accessed some Microsoft corporate email accounts, exfiltrating emails and attached documents, focusing on gathering information related to Midnight Blizzard.
The attack did not exploit any vulnerability in Microsoft products or services, and there is currently no evidence to suggest that the threat actor gained access to customer environments, production systems, source code, or AI systems. Microsoft has pledged to notify customers if action is required.
This incident highlights the persistent risk posed by well-resourced nation-state threat actors to all organizations. Microsoft is dedicated to reevaluating the balance between security and business risk in response to this constantly evolving threat landscape.
As part of their commitment to responsible transparency, Microsoft emphasized the need to accelerate the application of current security standards to legacy systems and internal business processes.
Microsoft is continuing its investigation and will take further actions based on the outcomes, collaborating with law enforcement and relevant regulators. The company is committed to sharing additional information and learnings to benefit the wider community.
For more information, the official update from Microsoft’s Security Response Center can be accessed at https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/.
The 128 series brings you byte-sized news for busy professionals. The full story can be found here:https://dev.cmd.news/article/industry-news/microsoft-detects-nation-state-attack-by-russian-state-sponsored-actor/
