Russia-Funded Hackers Infiltrate Microsoft Servers

The computer giant's corporate systems were targeted by the Russian-sponsored hacker group Midnight Blizzard, Microsoft revealed in a disclosure report it filed with the SEC on Friday.

“The Microsoft security team detected a nation-state attack on our corporate systems on January 12th, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access,” Microsoft stated in a filing made public on 19th January.

The team determined that the threat actor was Midnight Blizzard, a Russian state-sponsored actor also referred to in the security community as Nobelium. According to Microsoft, the group was able to access a "legacy non-production test tenant account" in November 2023 by using a password spray attack.

After entering the system, the attackers, according to Microsoft, increased their access rights "to a very small percentage of Microsoft corporate email accounts, including employees in our legal, cybersecurity, and other departments, and infiltrated certain emails and attached documents."

“This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” Microsoft said. The Microsoft team also saw that the attackers' main goal was to gather personal data to trick employees into sending fraudulent emails.

Microsoft made clear that the “attack was not the result of a vulnerability in Microsoft products or services,” reiterating there was no evidence “the threat actor had any access to customer environments, production systems, source code, or AI systems.”

Microsoft said it shared the update as part of its commitment to the company’s newest security initiative, the “Secure Future Initiative” (SFI).

According to Microsoft, the Midnight Blizzard attack has brought attention to the "urgent need to move even faster" to develop "next generation cybersecurity protection." The company declared, "We will move quickly to apply our current security standards to internal business processes and legacy systems owned by Microsoft."

According to Microsoft, the required security enhancements may cause a temporary disruption in operations. Microsoft stated that it will keep consumers and clients informed, as needed, while the investigation continues.

Notifications are being sent to employees whose email accounts were targeted by the threat group. A BlackBerry investigation indicates that in February of last year, a phishing attempt targeting European Union government bodies providing aid to Ukraine was purportedly carried out by a Russian cybercriminal cell.