Wednesday, April 2, 2025

Russian hackers read your emails to us, Microsoft warns more customers

Microsoft is warning the majority of its users that emails exchanged with the company were compromised after Russian hackers infiltrated its systems and gained access to employee inboxes.

Microsoft disclosed in January that hackers from the notorious “Midnight Blizzard” group, also referred to as APT29 or Cozy Bear, breached its systems in late 2023. Using a sophisticated “password spray” brute-force attack, the perpetrators gained unauthorized access to email accounts held by senior management personnel as well as employees within the organization’s legal and cybersecurity divisions.

As soon as the hackers successfully breached Microsoft employee accounts, they gained access to sensitive communications exchanged between the corporation and its clients.

Microsoft is proactively informing impacted customers about the specific measures they will take to identify which email accounts were compromised. While some clients were aware that their private communications had been compromised prior to this revelation, many more are only learning about the security breach today.

Microsoft officials confirmed this week’s efforts to notify customers whose email communications with the company were compromised in a recent cyberattack attributed to the threat group known as Midnight Blizzard. “We are providing affected clients with email correspondence accessed by this individual.” The notifications carry additional detail and go to both customers who were previously informed and those newly alerted.

The email notification provides affected Microsoft clients with direct access to a customized portal, enabling them to review compromised email messages.

Several of the organizations affected will likely be targeted by Russian-linked hackers, who may leverage stolen data from compromised Microsoft communications to launch attacks against these very same companies.

Initially, a few recipients of the Microsoft warning were skeptical, wondering if it was actually legitimate.

The notorious Midnight Blizzard group, also known as Cozy Bear or APT29, was previously linked to the hack of SolarWinds, among the most pivotal and highly publicized supply-chain cybersecurity breaches in history. The Kremlin-backed hackers successfully infiltrated.

Microsoft’s cybersecurity practices are currently under intense scrutiny following a series of high-profile breaches.

Last year, a Chinese-linked hacking group carried out a series of separate attacks, stealing hundreds of US federal government officials’ emails.

In April of this year, the US government faulted the company for its “insufficient” security record. The federal government pointed to the Midnight Blizzard incident to underscore the corporation’s persistent failure to address the issue.
