On January 19, 2024, Microsoft announced its security teams had detected a State-sponsored attack against its computer systems on January 12, 2024. The cybercriminal group Midnight Blizzard, aka “Nobelium”, tied to Russian intelligence, is thought to have accessed the email accounts of Microsoft employees in November of 2023. Among the compromised emails are those of several members of management.
The cybercriminals managed to take over a supposedly inactive test account by trying many, very common, passwords. According to Microsoft, the authorizations granted by the account then allowed attackers to access “a very small percentage of Microsoft corporate email accounts,” including members of management, legal departments and cybersecurity.
Cybercriminals then searched for information on themselves. Midnight Blizzard has indeed been in Microsoft’s crosshairs for years, particularly since the group’s spectacular attack against SolarWinds in 2020.
Microsoft specifies that the attackers did not access “customer information, manufacturing systems, source code or artificial intelligence systems.” The company has updated its security standards, specifically its internal processes, in order to avoid this type of incident in the future.