Russian-Linked Group Exfiltrates Emails From Microsoft Leadership

On Friday, Microsoft released a statement on its security blog stating that it had been the target of a Russian state-sponsored campaign that led to the exfiltration of emails and documents from senior leadership and employees. The software maker has attributed the attack to the Russian-linked Midnight Blizzard, also known as APT29 or Cozy Bear.

While the Microsoft security team detected the attack on January 12, they state that the targeting began in late November 2023. The perpetrators initially gained access through a password spray attack that compromised a legacy test tenant account, whose permissions were then leveraged to gain access to portions of Microsoft's corporate email accounts. Emails and attached documents from senior leadership and employees from the cybersecurity department, legal department, and others were exfiltrated. Microsoft's investigation into the incident indicated that information pertaining to Midnight Blizzard itself was the target.

The blog post states that the attack was not due to a vulnerability within Microsoft products or services and that there is no evidence to suggest compromise of customer environments, production systems, source code, or AI systems.

“This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard,” wrote the Microsoft Security Response Center.