Russian state-sponsored threat actors targeted Microsoft late last year, and managed to steal some sensitive information from certain highly-positioned individuals including senior executives, the company has confirmed.
It is not known exactly how many emails were accessed, but Microsoft did say that compromised accounts, included those belonging to members of senior leadership and those working in cybersecurity and legal departments.
The attack was spotted on January 12, and Microsoft noted the subsequent changes in the approach to security might cause some disruptions.
Stealing sensitive data
In a blog post, the company noted how a group known as Nobelium (AKA Midnight Blizzard) managed to compromise a legacy non-production test tennant account via a password spray attack, in late November 2023.
The group used that access to gain access to “a very small percentage” of Microsoft corporate accounts, the company said.
“Some emails and attached documents” were stolen, the announcement reads, stating that the information was related to the Nobelium group. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.”
The investigation is still ongoing, and if Microsoft finds customer data was stolen, it will notify the affected individuals. At this time, there is nothing the customers can, or should, do.
Going forward, the company will apply its current security standards to legacy systems and internal business processes, as well, “even when these changes might cause disruption to existing business processes.” While this will likely cause some level of disruption, Microsoft sees this as a necessary first step in securing its infrastructure. At the same time, the investigation will continue, as the police and other relevant authorities are being notified.
Last time we heard of Nobelium was in March 2023, when the group breached 40 firms via compromised Microsoft 365 accounts – but it is perhaps best known for its cyberattacks against SolarWinds in 2019 and the Democratic National Committee in 2015.