Microsoft announces cyber attack from Russian government-backed hacking group "Midnight Blizzard"



Microsoft's security team announced on January 12, 2024 that it had detected a nation-state attack on its systems. Microsoft immediately initiated its response process and says it succeeded in stopping the malicious activity, mitigating the attack, and denying the threat actor further access. Microsoft has attributed the cyberattack to the Russian government-backed hacking group "Midnight Blizzard," also known as "Nobelium."

Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center

https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/



Microsoft executive emails hacked by Russian intelligence group, company says
https://www.cnbc.com/2024/01/19/microsoft-executive-emails-hacked-by-russian-intelligence-group-company-says.html

Starting around late November 2023, the threat actor used password spray attacks to compromise non-production test tenant accounts and thereby gained a foothold in Microsoft's systems. The compromised credentials were then used to access a 'small portion' of email accounts belonging to members of Microsoft's senior leadership team and to employees in cybersecurity, legal, and other departments, and Microsoft explains that emails and attachments from those accounts were taken.
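A password spray is the opposite shape of a brute-force attack: a few passwords tried across many accounts, so per-account lockout thresholds never trip. The detection below is an added example for defenders, not code from the article or from Microsoft; it runs over constructed sign-in records (field names, IPs, accounts and thresholds are assumptions) and flags a source that fails against many distinct accounts in a short window with very few failures per account, then lists any of those accounts that later signed in successfully from the same source.

```python
"""Password-spray detection over sign-in events (added example, constructed data).
The records, field names and thresholds are illustrative, not from the incident."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, source IP, user, result).
# A spray shows up as many distinct users failing from one source in a short
# window, with few failures per user (which also keeps per-account lockouts
# from firing). The second source is ordinary: one user mistyping a password.
SAMPLE_EVENTS = [
    ("2023-11-28T02:00:05", "203.0.113.7", "test-admin@tenant.example", "FAIL"),
    ("2023-11-28T02:00:09", "203.0.113.7", "svc-build@tenant.example", "FAIL"),
    ("2023-11-28T02:00:14", "203.0.113.7", "legacy-app@tenant.example", "FAIL"),
    ("2023-11-28T02:00:20", "203.0.113.7", "qa-runner@tenant.example", "FAIL"),
    ("2023-11-28T02:00:26", "203.0.113.7", "dev-share@tenant.example", "FAIL"),
    ("2023-11-28T02:00:31", "203.0.113.7", "legacy-app@tenant.example", "SUCCESS"),
    ("2023-11-28T02:03:00", "198.51.100.4", "alice@tenant.example", "FAIL"),
    ("2023-11-28T02:03:30", "198.51.100.4", "alice@tenant.example", "FAIL"),
    ("2023-11-28T02:04:00", "198.51.100.4", "alice@tenant.example", "SUCCESS"),
]

def detect_password_spray(events, window=timedelta(minutes=10), min_users=5,
                          max_fails_per_user=2):
    """Return {source_ip: {"users": [...], "later_success": [...]}} for sources
    that fail against >= min_users distinct accounts inside one window while
    staying at or below max_fails_per_user failures per account."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, result))
    alerts = {}
    for ip, rows in by_ip.items():
        rows.sort()  # chronological order per source
        fails = [(t, u) for t, u, r in rows if r == "FAIL"]
        for i, (start, _) in enumerate(fails):
            # Sliding window anchored at each failure from this source.
            in_win = [u for t, u in fails[i:] if t - start <= window]
            per_user = defaultdict(int)
            for u in in_win:
                per_user[u] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_fails_per_user:
                # Accounts from the sprayed set that later authenticated: the foothold.
                success = sorted({u for t, u, r in rows
                                  if r == "SUCCESS" and u in per_user and t >= start})
                alerts[ip] = {"users": sorted(per_user), "later_success": success}
                break
    return alerts
```

Any account in `later_success` is the one to treat as compromised first; the thresholds are starting points and should be tuned to the tenant's normal failure rate.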

Microsoft also disclosed the compromise of its executives' email accounts in a regulatory filing.

Inline XBRL Viewer
https://www.sec.gov/ix?doc=/Archives/edgar/data/789019/000119312524011295/d708866d8k.htm



Microsoft has identified the threat actor that hacked the email accounts of its employees as Midnight Blizzard, a hacking group backed by the Russian government.

According to Microsoft, Midnight Blizzard accessed the email accounts of Microsoft employees in order to collect information about Midnight Blizzard itself. Microsoft has notified the employees whose email accounts were accessed.

Microsoft explains that the Midnight Blizzard attack was not the result of any vulnerability in Microsoft products or services. Additionally, at the time of writing, there was no evidence that Midnight Blizzard had accessed customer environments, production systems, source code, AI systems, or the like. Microsoft says it will notify customers if any action is required on their part.



Microsoft said of the Midnight Blizzard cyberattack: 'This attack highlights how well-resourced, state-sponsored threat actors like Midnight Blizzard pose an ongoing risk to all organizations.'

It added: 'Given the presence of threat actors resourced and funded by nation states, the balance between security and business risk is shifting. For Microsoft, this incident requires a faster response. This highlights the urgent need to immediately apply current security standards to Microsoft-owned legacy systems and internal business processes, even if the changes may disrupt existing business processes. We are taking action,' stressing the importance of adopting current security standards even for older systems and business processes.

Microsoft is continuing to investigate this cyberattack and has stated that it will take additional actions based on the findings and will continue to cooperate with law enforcement and appropriate regulatory authorities. In addition, Microsoft will continue to share more information so the community can benefit from both its experiences and observations about threat actors.



Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), issued a statement to CNBC saying, 'We are working closely with Microsoft to help protect other potential victims. As noted in Microsoft's announcement, there is no known impact to Microsoft customer environments or products at this time.'

In addition, Midnight Blizzard is known for the large-scale supply chain attack that used the network monitoring software "Orion Platform" provided by SolarWinds to compromise U.S. government departments such as the Treasury Department, the State Department, and the National Nuclear Security Administration, as well as large companies such as Microsoft and Cisco. Midnight Blizzard's cyber attack using the Orion Platform has been described as "one of the most serious cyber attacks in the past 10 years."

What is the attack on SolarWinds' "Orion Platform" that Microsoft's president calls "one of the most serious cyber attacks in the past 10 years"? - GIGAZINE



Microsoft has also been attacked by Midnight Blizzard in the past, and the method used at that time was likewise a 'password spray attack.'

Microsoft announces another cyberattack from Russian government-backed hacker organization - GIGAZINE



It has also been revealed that Midnight Blizzard conducted a phishing campaign in which it posed as the technical support desk of a small to medium-sized company, sent messages via Microsoft Teams, and pressured users into approving login authentication prompts.

It turns out that a Russian hacking group carried out phishing attacks via Microsoft Teams under the guise of corporate technical support - GIGAZINE



in Security, Posted by logu_ii