
Microsoft alerts customers to Russian hackers accessing emails

Written by Wed 3 Jul 2024


Microsoft users have been informed that emails they have exchanged with the tech giant were accessed as part of a data breach that had previously affected US Government agencies.

Microsoft is informing customers about which of their emails were accessed by the hacking group Midnight Blizzard, according to a company spokesperson. In an email notification seen by Bloomberg, Microsoft provided clients with a link to designate someone to review compromised messages in a secure, custom-built system.

“You are receiving this notification because emails were exchanged between Microsoft and accounts in your organisation, and those emails were accessed by the threat actor Midnight Blizzard as part of their cyberattack on Microsoft,” said the notice.

Some customers were already aware of being affected by the breach, while others are learning about it now as Microsoft has had more time to assess the extent of the damage, indicating the hack has had wider repercussions than initially believed. Microsoft has not disclosed which customers received notifications.

“This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” said a Microsoft spokesperson.

The spokesperson added that the notification provides increased detail for users who have already been notified, and also includes new notifications.

“We are committed to sharing information with our customers as our investigation continues,” said the spokesperson.

Microsoft Overhauls Security Systems

On 19 January, Microsoft reinforced its commitment to its Secure Future Initiative (SFI) ‘given the reality of threat actors that are resourced and funded by nation states’.

Microsoft said it is shifting the balance between security and business risk as it recognises traditional methods are no longer adequate. The tech giant states that it will apply its standards to Microsoft-owned legacy systems and internal processes ‘even when these changes might cause disruption to existing business processes’.

“This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy,” said Microsoft.

Microsoft Hacked by Midnight Blizzard

In January, Microsoft said Midnight Blizzard was responsible for breaching its corporate systems and stealing documents from staff accounts.

On 12 January, Microsoft detected a threat from Midnight Blizzard, also known as Nobelium. Midnight Blizzard is an alleged Russia-based threat actor identified by the US and UK governments as the Foreign Intelligence Service of the Russian Federation, also known as the SVR.

The company activated a response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. In March, Microsoft said Midnight Blizzard was still trying to break into its systems using data stolen from corporate emails in January.

Analysts expressed concerns regarding the safety of Microsoft’s services and systems as Microsoft provides digital services and infrastructure to the US Government.

On 8 March, Microsoft said it had seen evidence of Midnight Blizzard attempting to gain unauthorised access to its systems.

“This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised,” said Microsoft.

Microsoft added that Midnight Blizzard is attempting ‘to use secrets of different types it has found’. Some of these secrets were shared between customers and Microsoft via email. Microsoft stressed it has been reaching out to affected users to take mitigating measures.

According to the company, Midnight Blizzard has increased the volume of some aspects of the attack, like password sprays, by as much as tenfold in February, compared to the large volume Microsoft saw in January. 

A password-spraying attack involves a malicious actor trying the same commonly used password across multiple accounts before moving on to another password. This method helps attackers avoid detection because no single account sees numerous failed login attempts.
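The sketch below is an added example, not code from Microsoft or from this article. It shows why a per-account failure threshold misses the pattern described above, while counting distinct accounts per source catches it. The sign-in events, addresses, account names and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _t(minute):
    return datetime(2024, 1, 1, 9, 0) + timedelta(minutes=minute)

# Constructed sign-in events: (time, source_ip, account, succeeded)
EVENTS = (
    # One source, one failed guess against each of six accounts (spray pattern)
    [(_t(i), "203.0.113.7", u, False)
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # A user mistyping a password twice, then signing in
    + [(_t(m), "198.51.100.20", "gina", ok)
       for m, ok in [(1, False), (2, False), (3, True)]]
    # Repeated failures against a single account (classic brute force)
    + [(_t(20 + i), "198.51.100.99", "henry", False) for i in range(6)]
)

def lockout_hits(events, threshold=5):
    """Accounts that a per-account failure threshold would flag."""
    fails = defaultdict(int)
    for _, _, account, ok in events:
        if not ok:
            fails[account] += 1
    return {a for a, n in fails.items() if n >= threshold}

def spray_sources(events, window=timedelta(minutes=30),
                  min_accounts=5, max_per_account=2):
    """Sources failing against many distinct accounts, few tries each, in one window."""
    by_src = defaultdict(list)
    for ts, src, account, ok in sorted(events):
        if not ok:
            by_src[src].append((ts, account))
    flagged = set()
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, account in fails[start:end + 1]:
                counts[account] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    print("per-account threshold flags:", lockout_hits(EVENTS))
    print("per-source spray check flags:", spray_sources(EVENTS))
```

In the sample data the per-account threshold flags only the brute-forced account, while the per-source check flags only the spraying address.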
