A Russian hacking group accessed some of Microsoft’s senior leaders’ email accounts on January 12, 2024, security experts announced.
A Russian hacking group accessed some email accounts of Microsoft senior leaders, the software giant disclosed in a regulatory filing Friday afternoon.
“The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access,” the Microsoft Security Response Center said in a blog post. “Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.”
Nobelium, notably, is the same group responsible for the infamous SolarWinds breach in 2020.
The blog post added that the hackers were able to access “a tiny percentage of Microsoft corporate email accounts,” including accounts belonging to members of its senior leadership team and employees in its cybersecurity and legal departments.
The company said that the hackers were able to exfiltrate some emails and attached documents, though the preliminary investigation indicates that the attackers seemed to be seeking information related to Midnight Blizzard itself. That mirrors what the same group did when it used tampered software made by SolarWinds to infiltrate US agencies in 2020, and then sought to track how the US government responded to its intrusions.
Microsoft said it is in the process of notifying employees whose emails were accessed. It said there is no evidence that the hackers had access to customer environments or AI systems.
The company said the attack began in late November 2023, and that the hackers gained an initial foothold using a so-called “password spray attack.” Password spraying is an attempt to access many accounts using commonly known passwords.
The company said the investigation is ongoing and that it will continue working with law enforcement and appropriate regulators. It pledged to share more information publicly as it becomes available.
The company said the attack highlights “the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.”
Microsoft systems have been the target of multiple recent high-profile hacking efforts.
The Cybersecurity and Infrastructure Security Agency did not immediately respond to CNN’s request for comment on the hack Friday. Microsoft declined a request for additional comment.
The FBI said, “The FBI is aware of the incident, and we are diligently working with our federal partners to assist. As always, we encourage any victim of a cyber incident to contact their local FBI field office.”
This story has been updated with additional developments.