Microsoft’s Midnight Blizzard breach additionally impacted federal companies

In March, Microsoft informed the US Department of Veterans Affairs that it had been affected by a security breach that allowed the Russian hacking group, commonly referred to as “Midnight Blizzard,” to steal some of its source code and review materials. The group has already faced accusations of spying on email accounts and attempting to exploit the obtained information to create additional security breaches, targeting

The VA division uncovered evidence that Midnight Blizzard exploited a single set of stolen credentials to gain unauthorized access to Microsoft’s cloud environment around January. VA officials confirmed that the account was briefly accessed for a mere one-second duration, likely intended as a test of login credentials, which have since been updated.

Microsoft has informed the US Company for International Media that some of its data may have been compromised in a potential security breach. No evidence suggests that sensitive safety information and personally identifiable data stored by the company have been breached. The Peace Corps was also alerted to the Midnight Blizzard breach, learning it could “mitigate the vulnerability” with its existing resources. Despite the incident’s severity, Microsoft has yet to disclose which entities were affected by the attack.

“As our investigation unfolds, Microsoft has been proactively informing individuals who may have interacted with a compromised email account associated with a Microsoft company email address,” said Jeff Jones, a Microsoft spokesperson. “We will collaborate to assist customers in implementing proactive steps.”

Microsoft had previously announced the vulnerability in the preceding year’s Midnight Blizzard attack, following a “cascading series of security failures.” In recent news, the software giant emphasized that it is prioritizing security as it strives to rebuild trust after previous breaches.