Microsoft recently disclosed a cyberattack on its systems by Midnight Blizzard, a Russian state-sponsored hacker group also known as Nobelium, infamous for the 2019 SolarWinds breach.
The attack, occurring on January 12, targeted Microsoft’s non-production test account through a password spray tactic, allowing unauthorized access to a minimal portion of the company’s corporate emails, including those of top executives and teams in cybersecurity and legal sectors.
The company clarified that the attack didn’t exploit any system vulnerabilities and assured no customer data was compromised. Microsoft’s ongoing investigation indicates the hackers sought information specifically about Midnight Blizzard. As a response, the tech giant is collaborating with law enforcement and regulators, committing to further actions based on the investigation’s outcomes.
Emphasizing transparency, Microsoft plans to share insights and experiences from this incident with the community to enhance collective knowledge about the threat actor. Further details will be released as deemed appropriate