Microsoft Targeted in Cyberattack by Russian-Linked Group Midnight Blizzard
Microsoft has disclosed a significant breach by a Russian-sponsored hacking entity known as Midnight Blizzard, also recognized under the alias Nobelium. This group is believed to be the culprit behind the substantial SolarWinds supply chain incident in 2020.
In a detailed account, Microsoft explained that starting in late November 2023, Midnight Blizzard launched a password spray attack. Through this method, they compromised a redundant, non-operational test account, which allowed them to infiltrate and extract information from a small number of Microsoft's corporate email accounts. These included accounts belonging to top executives and staff in key departments like cybersecurity and legal. Microsoft confirmed that it is in the process of alerting employees whose emails were accessed during this breach.
The tech giant noticed the intrusion on January 12. Although it did not specify what Nobelium was seeking, the company has a storied history with this hacking group. After the SolarWinds hack, Microsoft went public with extensive insights into the Nobelium cyberattack, offering a revealing look at this sophisticated nation-state assault through a series of blog posts and videos.
Apart from its corporate battles, Microsoft has been at the forefront of defending against Russian cyber threats directed at Ukraine.
Password spraying, the technique used in the breach, involves attempting to log in to accounts using commonly used passwords, hoping to stumble upon users with weak credentials. It is difficult for organizations to counteract because it relies on user vulnerability rather than system flaws, and it is highly effective when individuals neglect robust password creation.
Online security firm LoginRadius explains that hackers employ password spraying by targeting users with a vast array of commonly used passwords until they successfully breach an account.
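A defender's view of the technique described above, as an added example that is not part of the original article: a spray shows up in authentication logs as one source failing against many different accounts with only a few tries each, unlike a brute-force run against a single account. The event layout, thresholds, usernames and addresses below are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0)  # constructed start time

def ev(minute, src, user, ok=False):
    """Build one constructed auth event: (timestamp, source, username, success)."""
    return (T0 + timedelta(minutes=minute), src, user, ok)

# Constructed sample events; not real log data.
EVENTS = (
    # One source, many accounts, one try each, then a hit on a test account.
    [ev(i, "203.0.113.7", u) for i, u in
     enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [ev(5, "203.0.113.7", "test-legacy", ok=True)]
    # Brute force against a single account: noisy, but not a spray.
    + [ev(i, "198.51.100.9", "alice") for i in range(8)]
    # Ordinary user who mistypes once and then signs in.
    + [ev(2, "192.0.2.10", "frank"), ev(3, "192.0.2.10", "frank", ok=True)]
)

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Flag sources that fail against >= min_accounts distinct accounts
    inside one sliding window, with <= max_per_account tries per account.
    Returns {source: {"accounts": [...], "compromised": [...]}}."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        by_src[src].append((ts, user, ok))
    findings = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            fails = defaultdict(int)
            for _, user, ok in evs[start:end + 1]:
                if not ok:
                    fails[user] += 1
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                rest = evs[start:]
                findings[src] = {
                    "accounts": sorted({u for _, u, ok in rest if not ok}),
                    # Successful sign-ins from a spraying source need review.
                    "compromised": sorted({u for _, u, ok in rest if ok}),
                }
                break
    return findings
```

The "compromised" list is the part to act on first: a successful sign-in from a source that has just failed against many other accounts is the pattern the article describes for the test account.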
Microsoft remains firm that the breach did not stem from any weaknesses in its products or services. There's no evidence that the cyberattackers reached customer data, vital production systems, source code, or sophisticated AI technologies. Customers will receive notifications if any further actions concerning their data are necessary.
Despite the reassurance, the incident has considerable implications. Microsoft has had to recalibrate how it weighs security against business risks and has declared that it will promptly implement current security protocols across its legacy systems and internal mechanics, a move expected to cause some temporary disruptions.
Recent years have seen Microsoft at the epicenter of a series of major hacks. The U.S. and NATO nations accused China of orchestrating hacks against Microsoft Exchange Server in 2021, and Lapsus$ stole Bing and Cortana code in 2022. In 2023, a breach in the Azure platform by a Chinese group underscored the ongoing cybersecurity threats faced by Microsoft, with industry leaders expressing concerns over the company's cybersecurity posture and potential implications for U.S. government espionage.