[ad_1]
Microsoft this week revealed a nation-state attack on its corporate systems. The company says the attacked occurred on Jan. 12 and was orchestrated by Midnight Blizzard, also known as Nobelium, the same Russian state-sponsored group of hackers that were involved in the SolarWinds attack in 2019.According to Microsoft, the threat actor used a password spray attack to compromise a legacy non-production test tenant account. Hackers were then able to access “a very small percentage of Microsoft corporate email accounts.” Those accounts included members of the company’s senior leadership team as well as employees in the company’s “cybersecurity, legal, and other functions.” The company’s investigation of the attack suggests hackers were looking for information specifically related to Midnight Blizzard.Microsoft says the attack wasn’t the result of any vulnerability in its systems, and that there was never any threat to customers. It “will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators.”
Recommended by Our Editors
The company also says that it’s “deeply committed to sharing more information and our learnings, so that the community can benefit from both our experience and observations about the threat actor. We will provide additional details as appropriate.”
Get Our Best Stories!
Sign up for What’s New Now to get our top stories delivered to your inbox every morning.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
[ad_2]
