A Russia-based group, Midnight Blizzard, also known as Nobelium, has hacked Microsoft’s employee emails, including those of senior staff, Microsoft revealed in a recent blog post.
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” explained the blog post.
This is not the first time Midnight Blizzard or Nobelium has targeted the company. Last year, Microsoft had accused it of using social engineering to carry out a cyberattack on Microsoft Teams.
Though the attack was initiated in late November 2023, it was detected only on January 12, 2024. “The incidence shows, like in earlier such cases, that even the most sophisticated cyber security systems are far from being adequate. The fact that the intrusion began in late November 2023 and was detected only around mid-January 2024, as per Microsoft’s blog post, makes such incidents even more alarming,” said Deepak Kumar, the founder analyst and chief research officer at BMNxt Business and Market Advisory.
A weak link in security?
Microsoft stressed that the attack was not because of a vulnerability in its products or services. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required,” the company blog post read.
However, analysts believe that possibly not enough was done to secure the email accounts of senior leadership. “The breach also hints at the possibility that best practices, such as zero-trust security, are not necessarily being applied to email accounts of senior leadership, who have been the primary targets in this case,” said Kumar. He added that a “weak link the security chain” might have led to the compromise of the employee emails.