Microsoft has confirmed it was the subject of a hacking attack by Midnight Blizzard in what is said to have been a targeted recon mission.

The hackers, also known as APT29, Cozy Bear, and Nobelium, are considered to be sponsored by the Russian state and responsible for the 2020 infiltration of SolarWinds’ Orion platform.

A Microsoft statement confirmed its security team detected what it described as a nation-state attack on its corporate systems and immediately activated a response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.

Although the malicious activity was discovered on 12 January, it is believed the cyberattack commenced in late November 2023, leaving the American multinational tech giant to play catch-up on the serious incident.

Early indications have suggested Midnight Blizzard was able to access a legacy system account using a password spraying attack.

From there, the hackers were able to home in on Microsoft corporate email accounts belonging to senior representatives in cyber security and legal functions, with a degree of success. They were looking to scan the accounts for information on themselves – Midnight Blizzard – to find out what intel big tech is sitting on.

In what appears to be a very sensitive matter, the stakes are increased further if the Russian state is involved, as believed.

Investigation outcome

Microsoft has stressed the robustness of its systems, stating the hack was not due to an internal vulnerability but was instead the result of a sophisticated attack, one that highlights the “continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.”

It has allayed fears of access to customer environments, production systems, source code, or AI systems but said it would notify anyone impacted if any action is required.

Microsoft has pledged to investigate the matter thoroughly and to take whatever measures are required, depending on the outcome of the findings, working together with the relevant authorities.

