Microsoft is continuing to inform customers about the breach involving Russian hackers known as Midnight Blizzard. The breach, which occurred late last year, resulted in the compromise of senior leaders’ emails and attempted access to customer communications, including government bodies.

The breach was initially disclosed in January, with Microsoft stating that only a small percentage of corporate accounts were affected. However, hackers were able to access emails and attached documents using a password spraying technique to infiltrate accounts belonging to senior leaders and other targeted employees.

In response to the breach, Microsoft is providing clients with a secure link to designate someone within their organization to review the compromised messages. This custom-built system allows for a more controlled and secure review process for the affected accounts.

Midnight Blizzard, also known as Nobelium and APT29, is a notorious Russian hacking group affiliated with the Russian Foreign Intelligence Service, SVR. The group is responsible for the 2020 SolarWinds supply chain attack, where malicious code was embedded in a software update to gain further access to customer systems.

In addition to the SolarWinds attack, Midnight Blizzard has targeted cybersecurity firm FireEye, government agencies, IT service providers, and the Ukrainian government during the ongoing conflict. The group’s sophisticated tactics and history of high-profile attacks have raised concerns about cybersecurity practices at Microsoft.

A critical report by the US Cyber Safety Review Board in April highlighted Microsoft’s inadequate response to cybersecurity incidents, including a separate 2023 breach where Chinese hackers accessed emails of US government officials. The report criticized Microsoft for a “cascade of security failures” and a lack of prioritization on addressing the current threat landscape.

The urgency of the situation prompted action from US federal agencies, with the Cybersecurity and Infrastructure Security Agency (CISA) issuing an emergency directive mandating government agencies to analyze emails, reset compromised credentials, and enhance security measures for Microsoft cloud accounts. The CISA warned that the Microsoft breach posed a “grave and unacceptable risk” to government agencies.

This latest breach involving Midnight Blizzard has further raised questions about cybersecurity measures at Microsoft and the ongoing threats posed by sophisticated hacking groups. The need for enhanced security practices and proactive measures to protect sensitive information remains a top priority for organizations facing ongoing cyber threats.

Link na izvor