Russian state-sponsored threat actors targeted Microsoft late last year and managed to steal sensitive information from certain high-level individuals, including senior executives, the company has confirmed.
It is not known exactly how many emails were opened, but Microsoft did say that accounts were compromised, including accounts belonging to members of senior leadership and those working in cybersecurity and legal departments.
The attack was spotted on January 12, and Microsoft noted that subsequent changes in its approach to security could cause some disruption.
Stealing sensitive data
In a blog post, the company noted how a group known as Nobelium (AKA Midnight Blizzard) managed to compromise an outdated non-production test tenant account via a password spray attack in late November 2023.
The group used that access to access “a very small percentage” of Microsoft corporate accounts, the company said.
“Some emails and attached documents” were stolen, the announcement said, saying the information was related to the Nobelium group. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code or AI systems.”
The investigation is ongoing and if Microsoft discovers that customer data has been stolen, it will notify the individuals involved. At this point there is nothing the customers can or should do.
In the future, the company will also apply current security standards to legacy systems and internal business processes, “even when these changes could cause disruption to existing business processes.” While this will likely cause some disruption, Microsoft sees this as a necessary first step in securing its infrastructure. At the same time, the investigation will continue as the police and other relevant authorities are notified.
The last time we heard of Nobelium was in March 2023, when the group breached 40 companies via compromised Microsoft 365 accounts – but the group is perhaps best known for its cyberattacks against SolarWinds in 2019 and the Democratic National Committee in 2015 .