New Delhi: Microsoft has claimed that about two months ago, Russian state-sponsored threat actors gained access to its corporate networks and obtained emails belonging to executives and certain staff members in its legal and cybersecurity divisions.
The company has identified the threat actor as ‘Midnight Blizzard’, also known as ‘Nobelium’.
Microsoft said that it detected the November 2023 breach on January 12 and later notified employees whose communications were intercepted.
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts,” Microsoft said in a blogpost on Friday.
“The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself,” it added.
The company also disclosed the intrusion in a filing with the US Securities and Exchange Commission (SEC), in which it mentioned that they “were able to remove the threat actor’s access to the email accounts on or about January 13, 2024”.
The tech giant is also examining the information accessed to determine the impact of the incident and said that it will continue to investigate the extent of the incident.
“As of the date of this filing, the incident has not had a material impact on the Company’s operations. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Microsoft said.
In addition, the company noted that this incident has highlighted the urgent need to move even faster and will act immediately to apply the company’s current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.