Newsroom | Cyber Espionage / Email Security | Jan 20, 2024
Microsoft revealed on Friday that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other members of the company’s cybersecurity and legal departments.
APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes are other names for the Russian advanced persistent threat (APT) group that the Windows maker tracks as Midnight Blizzard (previously Nobelium).
It added that as soon as the malicious activity was discovered on January 12, 2024, it immediately took steps to investigate, disrupt, and mitigate it. According to estimates, the campaign started in late November 2023.
The threat actor “exfiltrated some emails and attached documents” and “used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions,” according to Microsoft.
According to Redmond, the targeting’s nature suggests that the threat actors were seeking access to information about themselves. It also emphasized that there is no proof that the attacker accessed customer environments, production systems, source code, or AI systems and that the attack was not the result of any security flaw in its products.
The computing behemoth, however, said it was in the process of notifying employees who were impacted as a result of the incident and did not disclose how many email accounts were infiltrated or what information was accessed.
The hacking group, which was previously responsible for the high-profile SolarWinds supply chain compromise, has singled out Microsoft twice: once in December 2020 to steal source code related to Azure, Intune, and Exchange components, and again in June 2021 to breach three of its customers using password spraying and brute force attacks.
According to the Microsoft Security Response Center (MSRC), “this attack does highlight the ongoing risk posed to all organizations by well-resourced nation-state threat actors like Midnight Blizzard.”