Microsoft Intensifies Security Following Midnight Blizzard Cyber Attack

In a new blog post, the Microsoft security team has shared its response to a nation-state cyber attack by Midnight Blizzard on January 12, 2024.

Microsoft’s security team detected the intrusion, activated response measures, and identified Midnight Blizzard as the Russian state-sponsored actor also known as Nobelium.

Initiating a password spray attack in late November 2023, Midnight Blizzard compromised a non-production test tenant account. They accessed a small percentage of corporate email accounts, including senior leadership and employees in cybersecurity, legal, and other functions.

Some emails and attached documents were exfiltrated, with the initial focus on information related to Midnight Blizzard.

The attack did not exploit vulnerabilities in Microsoft products or services, and there’s no evidence of access to customer environments, production systems, source code, or AI systems. Microsoft will notify customers if any action is necessary.

This incident underscores the ongoing risk from well-resourced nation-state threat actors. Microsoft emphasizes its commitment to proactive security, as outlined in the Secure Future Initiative (SFI) announced last year.

In response to the attack, Microsoft is immediately applying current security standards to owned legacy systems and internal processes.

This proactive stance may cause disruptions as the company adapts to this new reality, but it is considered a necessary step and the first of several to align with enhanced security measures.

Microsoft continues its investigation and promises further actions based on outcomes. Collaboration with law enforcement and regulators is also ongoing.