
Microsoft was breached by Russian hackers to steal corporate emails.

Microsoft revealed on Friday night that the Russian state-sponsored hacking group Midnight Blizzard had breached and stolen data from some of its corporate email accounts.

Microsoft discovered the attack on January 12th and began its investigation, disruption, and mitigation of the breach.

According to their investigation, they were breached by the threat actor known as APT29, Midnight Blizzard, and Nobelium.

According to Microsoft, the threat actors attacked their systems in November 2023 in order to access a legacy non-production test tenant account.

Nobelium was able to access a small portion of Microsoft’s corporate email accounts, including members of the leadership team and those in the cybersecurity and legal departments, for more than one month using the permissions granted by this account.

The attackers were able to steal emails and attachments from the corporate accounts thanks to this access.

The Microsoft Security Response Center stated in a report on the incident that "the investigation suggests they were initially targeting email accounts for information related to Midnight Blizzard itself."

"We are in the process of notifying staff members whose emails were accessed."

Microsoft maintains that this breach was not brought on by a flaw in their goods or services, but rather by an account-based brute force password attack.

Microsoft said they will provide more information as necessary even though the breach is still under investigation.

Who is Nobelium?

Nobelium is a Russian state-sponsored actor who is thought to be responsible for the 2020 SolarWinds supply chain attack, which also affected Microsoft.

Microsoft later confirmed that a small number of Azure, Intune, and Exchange components could be stolen using the SolarWinds attack.

The hacking group breached a Microsoft corporate account once more in June 2021, giving them access to customer support tools.

The hacking group, which is thought to be a part of Russia’s Foreign Intelligence Service (SVR), has been linked to numerous attacks around the world, including those against diplomats and government agencies.
