Microsoft has begun notifying certain customers that their emails could have been accessed by Russian hackers following a breach of its internal systems in 2023.
On 19 January 2024, the Microsoft security team officially made people aware that they had detected a nation-state attack on their corporate systems through a blog post on the website.
They identified the threat actor as being the Russian group Midnight Blizzard and say it began in late November 2023 when the “threat actor used a password spray attack.”
They say this allowed them to use the account’s permissions to “access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.”
The investigation into the attack started at the beginning of the year, with the company updating people in March as they say it had observed evidence of the threat actors using the information exfiltrated during the breach to attempt to gain further unauthorized access.
Customers are now being notified after Microsoft breach
A few months later and Microsoft is currently in the process of notifying those customers who had their communications exposed.
A spokesperson told ITPro it was sharing details with customers to give them further details about the scope of the information that was accessed by the threat actors.
“This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” the spokesperson said.
“This is increased detail for customers who have already been notified and also includes new notifications. As we said previously, we’re committed to sharing information with our customers as our investigation continues.”
In the initial blog post by the team, they said the “attack was not the result of a vulnerability in Microsoft products or services.”