Microsoft’s Corporate Email Accounts Breached in Russian Espionage Attacks – What You Need to Know


Key Takeaways:

  • Microsoft disclosed a recent cyberattack by Russian state-sponsored hackers, Midnight Blizzard, who exploited a weak password to breach the company’s corporate network.
  • The hack provided unauthorized access to the email accounts of senior executives working in legal and cybersecurity teams.
  • Microsoft detected the security breach on January 12 and emphasized that it did not affect customer accounts.

Last week, Microsoft disclosed that Russian state-sponsored hackers exploited a weak password to infiltrate its corporate network. The threat actor (dubbed Midnight Blizzard) gained unauthorized access to the email accounts of its senior executives and employees working in legal and cybersecurity teams.

Microsoft detailed that the Russian hacking group (also known as Nobelium or APT29) used password spray attacks to compromise its corporate systems in November 2023. The attackers gained access to a legacy non-production Microsoft test account. The compromised account was not protected by multifactor authentication (MFA), so the attackers were able to get in simply by guessing commonly used passwords.
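As an added illustration (not from Microsoft’s disclosure or this article), the following Python sketch shows how a defender can pick the spray pattern described above out of sign-in logs: many distinct accounts failing from one source with only a guess or two each, as opposed to a brute force that hammers a single account. The log format, IP addresses and account names are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real Microsoft telemetry): one source
# sprays many accounts, then succeeds against a legacy test account; another
# source brute-forces a single account, which is not a spray.
SAMPLE_LOG = """\
2023-11-22T03:00:01Z user=alice@example.com ip=198.51.100.7 result=FAILURE
2023-11-22T03:00:09Z user=bob@example.com ip=198.51.100.7 result=FAILURE
2023-11-22T03:00:17Z user=carol@example.com ip=198.51.100.7 result=FAILURE
2023-11-22T03:00:25Z user=dave@example.com ip=198.51.100.7 result=FAILURE
2023-11-22T03:00:33Z user=erin@example.com ip=198.51.100.7 result=FAILURE
2023-11-22T03:00:41Z user=test-legacy@example.com ip=198.51.100.7 result=SUCCESS
2023-11-22T03:01:00Z user=frank@example.com ip=203.0.113.9 result=FAILURE
2023-11-22T03:01:05Z user=frank@example.com ip=203.0.113.9 result=FAILURE
2023-11-22T03:01:10Z user=frank@example.com ip=203.0.113.9 result=FAILURE
"""
LINE_RE = re.compile(r"(\S+) user=(\S+) ip=(\S+) result=(\S+)")

def parse(log):
    """Parse log lines into (timestamp, user, source_ip, result) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source_ip: sorted targeted users} for sources whose failures within
    `window` hit >= min_users accounts with <= max_per_user tries each on average."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in events:
        if result == "FAILURE":
            by_ip[ip].append((ts, user))
    alerts = {}
    for ip, fails in by_ip.items():
        fails.sort()  # oldest first, so each index starts a candidate window
        for i, (start, _) in enumerate(fails):
            inwin = [u for t, u in fails[i:] if t - start <= window]
            users = set(inwin)
            if len(users) >= min_users and len(inwin) <= max_per_user * len(users):
                alerts[ip] = sorted(users)
                break
    return alerts

def successes_from_spray_sources(events, alerts):
    """Accounts that signed in successfully from a flagged source: treat them as
    compromised and check whether, like the test account, they lacked MFA."""
    return sorted({u for _, u, ip, r in events if ip in alerts and r == "SUCCESS"})
```

The thresholds are deliberately conservative; in production the same logic would run over a tenant’s sign-in logs with the window and counts tuned to its baseline of failed logins.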

The hackers went on to infiltrate a limited number of senior and sensitive Microsoft employee accounts, obtaining a few email messages, files, and attachments from the corporate mailboxes. Microsoft’s preliminary investigation indicates that the attackers were after information the company held about their own activities.

Russian espionage attack didn’t affect Microsoft’s customer accounts

Microsoft first detected the security breach on January 12, 2024. The company says the attack did not affect customer accounts, source code, AI systems, or production systems. However, some cybersecurity experts pointed out that Microsoft’s corporate email accounts are hosted on its own Microsoft 365 service.

“We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes. This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy,” the Microsoft Security Response Center (MSRC) team explained.

Recommendations to protect against similar attack techniques

Microsoft disclosed the cyberattack as part of its Secure Future Initiative (SFI), which was announced last year. The company has promised to continue investigating the attack and to share more details about its findings in the future.

Microsoft strongly recommends that organizations follow basic security hygiene to prevent cyberattacks. Enterprise admins should enforce Multi-Factor Authentication (MFA) for all accounts to protect sensitive information. Moreover, it’s advisable to use an authenticator app or a FIDO2 key as the preferred MFA method rather than relying on SMS challenge-response.