The attack was apparently carried out by the group behind the SolarWinds supply chain attack in 2021.
Microsoft said today that it was hacked by a “Russian state-sponsored actor” called Midnight Blizzard, also known as Nobelium. That’s the same group of hackers suspected to be responsible for the major SolarWinds supply chain hack that occurred in 2020.
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” Microsoft wrote.
“The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.”
Microsoft didn’t elaborate on what information Midnight Blizzard/Nobelium may have been looking for, but there’s a long history between the two. In 2021, following the SolarWinds hack, Microsoft posted a four-part blog/video series on the group that “pulls the curtain back on the NOBELUM incident and how world-class threat hunters from Microsoft and around the industry came together to take on the most sophisticated nation-state attack in history.
