On January 12, 2024, the Microsoft security team found a serious attack on their systems by a nation-state group called Midnight Blizzard, linked to the Russian government. The attackers broke into their systems using a method called a password spray attack, gaining access to some Microsoft corporate email accounts, including those of senior leaders and staff in cybersecurity, legal, and other areas. The group took possession of some emails and documents, particularly targeting information about Midnight Blizzard.
This attack wasn't due to any problems with Microsoft's products or services. So far, there's no sign that the attackers got into customer systems, Microsoft main systems, source code or AI systems. Microsoft guarantees they will share with the customers if something needs to be done.
This attack shows the risk all organizations face from well-funded nation-state groups like Midnight Blizzard. Microsoft is now changing how they balance security and business risk because of this.
Microsoft's specialists will quickly improve security on older Microsoft systems and processes, even if it means causing disruption. This might be inconvenient, but it's necessary. It's just the first step in their new approach.
The company still investigating and will do more based on what they find. Their teams are also working with law enforcement and regulators. Furthermore, Microsoft will share more information and what they learned about the incident, so others can benefit from it too. The company promised giving more details about the case as soon as they can.
Stay ahead of the wave