Microsoft Cybersecurity Breach: APT29’s ‘Midnight Blizzard’ Strikes – Key Insights and Swift Response


On January 12, Microsoft revealed a ‘Midnight Blizzard’ cybersecurity breach attributed to a Russian state-sponsored group. This breach resulted in the unauthorized access and extraction of emails and documents from specific Microsoft corporate email accounts, including those of senior leadership and staff in departments such as cybersecurity and legal.

Midnight Blizzard’s Tactics: “Password Spray Attack” Exploits Microsoft Platform


The hacking group, identified as “Midnight Blizzard” or APT29, launched a “password spray attack” in November 2023 that exploited a weakness in a Microsoft platform. In a password spray attack, the same password is tried across many interconnected accounts. Midnight Blizzard, flagged by Microsoft’s dedicated threat research team, is a nation-state hacking group.

Microsoft’s subsequent investigation unveiled the primary objective of the hackers: to gauge Microsoft’s insights into their own operations. Significantly, the company clarified that the breach did not stem from any inherent vulnerabilities in its suite of products or services.

Swift Response: Microsoft Blocks Access and Disrupts Malicious Activities


Despite the security incident, Microsoft assured that the threat actors failed to gain access to customer environments, production systems, source code, or AI systems. Responding promptly to the breach, the company intervened to disrupt malicious activities and prevent ongoing access by the group to its systems.

As of now, the Russian Embassy in Washington and the Ministry of Foreign Affairs remain silent on the matter. Microsoft underscored the persistent risk posed by well-resourced nation-state threat actors like Midnight Blizzard.

This disclosure aligns with a recent regulatory directive from the U.S. Securities and Exchange Commission (SEC), which mandates prompt disclosure of cyber incidents by publicly owned companies. Affected entities must file a comprehensive report within four business days of discovering a breach, outlining the timing, scope, and nature of the incident.

Midnight Blizzard’s Notoriety: Links to Russia’s SVR Spy Agency and 2016 U.S. Election Intrusions


Midnight Blizzard, also recognized as Nobelium or Cozy Bear, maintains ties to Russia’s SVR spy agency and gained notoriety for intrusions during the 2016 U.S. election, particularly breaching the Democratic National Committee. Given the extensive deployment of Microsoft products across the U.S. government, the company faced scrutiny last year for its security practices after a cyberattack by Chinese hackers targeted emails of senior U.S. State Department officials.
