Microsoft: Russian hackers seek their own secrets in our systems

January 22, 2024

TLDR:

  • Microsoft announced that its systems were breached by Russian hackers from the group Midnight Blizzard.
  • A “very small percentage” of corporate emails were accessed, including senior leadership accounts.

Microsoft revealed that its systems were breached by a Russian hacking group known as Midnight Blizzard, the same group that was behind the SolarWinds cyberattack. While Microsoft stated that only a small percentage of corporate emails were accessed, the compromised accounts included senior leadership and employees in the cybersecurity and legal departments. Midnight Blizzard first gained access to Microsoft’s systems in late November through a “password spray” attack. The group specifically targeted corporate email accounts to find information about itself, and managed to access and exfiltrate some emails and attached documents. Microsoft emphasized that the breach was not due to any vulnerability in its products or services, and that there is currently no evidence the hackers had access to customer environments, production systems, source code, or AI systems. However, this response is similar to Microsoft’s previous claims after the SolarWinds attack, in which federal investigators found evidence that the hackers had accessed Microsoft Office 365. This is not the first time Microsoft has experienced security breaches: recent incidents include a Chinese cyber espionage unit exploiting a flaw in Microsoft’s Exchange server email software, and an attack attributed to China that gained access to email accounts at US government agencies. Microsoft has launched the Secure Future Initiative to strengthen its cybersecurity protection, with plans to apply current security standards to legacy systems and internal business processes.
