Microsoft says it was hit by Russian hackers who wanted to know its secrets

Enseigne Microsoft
(Image credit: Unsplash)

Russian state-sponsored threat actors targeted Microsoft late last year, and managed to steal some sensitive information from certain highly-positioned individuals including senior executives, the company has confirmed.

It is not known exactly how many emails were accessed, but Microsoft did say that compromised accounts, included those belonging to members of senior leadership and those working in cybersecurity and legal departments.

The attack was spotted on January 12, and Microsoft noted the subsequent changes in the approach to security might cause some disruptions.

Stealing sensitive data

In a blog post, the company noted how a group known as Nobelium (AKA Midnight Blizzard) managed to compromise a legacy non-production test tennant account via a password spray attack, in late November 2023. 

The group used that access to gain access to “a very small percentage” of Microsoft corporate accounts, the company said.

“Some emails and attached documents” were stolen, the announcement reads, stating that the information was related to the Nobelium group. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.” 

The investigation is still ongoing, and if Microsoft finds customer data was stolen, it will notify the affected individuals. At this time, there is nothing the customers can, or should, do.

Going forward, the company will apply its current security standards to legacy systems and internal business processes, as well, “even when these changes might cause disruption to existing business processes.” While this will likely cause some level of disruption, Microsoft sees this as a necessary first step in securing its infrastructure. At the same time, the investigation will continue, as the police and other relevant authorities are being notified. 

Last time we heard of Nobelium was in March 2023, when the group breached 40 firms via compromised Microsoft 365 accounts - but it is perhaps best known for its cyberattacks against SolarWinds in 2019 and the Democratic National Committee in 2015.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.