Microsoft Reveals Cyber Intrusion by Russian Group

Microsoft disclosed a recent cyberattack by Midnight Blizzard, an alleged Russian-sponsored agent also known as Nobelium. The intrusion targeted a small number of corporate accounts.

Microsoft reported the attack occurred on Jan. 12, 2023, when hackers, using a technique called password spray. They managed to gain access "to a very small number of Microsoft corporate accounts, including members of our leadership team," according to the company.

The apparent objective of these attacks was to obtain messages associated with Midnight Blizzard, with no resulting vulnerabilities in Microsoft's products and services, the company reported.

There are also no indications that they could access customer accounts, source code, or artificial intelligence (AI) systems. Still, the company specifies that affected individuals will be promptly notified if that were to occur.

Microsoft acknowledges that the new threat posed by "state actors" means that it is no longer sufficient to apply traditional balances between security risks and business, and it is necessary to act urgently even if these changes involve disruptions to ongoing business processes.

The US government considers Nobelium as part of the Russian intelligence service and attributes them several attempts to infiltrate US agencies, including the Department of Defense (DoD), as well as the hacking of the Democratic National Committee in 2016.