Microsoft experienced a hacking incident initiated by Russian state hackers, who gained access to the inboxes of senior executives for at least six weeks. The attack, which occurred in late November, resulted in the exfiltration of email and documents from the accounts of “senior leadership” and employees in the cybersecurity and legal departments. However, Microsoft stated that there is no evidence that the hackers accessed customer data, production systems, source code, or AI systems. The Russian state hacking group known as Midnight Blizzard, formerly Nobelium, APT29, or CozyBear, was identified as the perpetrator. Microsoft stock is down in after-hours trading following the disclosure of the incident.
The hackers executed a password spraying attack to gain access to a legacy non-production test tenant account, from which they were able to access a small percentage of corporate email accounts. The initial target of the attack was information related to Midnight Blizzard itself. Microsoft has not clarified the definition of “senior leadership” within the company. It is too early to determine the potential impact on Microsoft’s financial condition or operations, but the company has committed to applying current security standards to legacy systems, even if it causes disruptions to existing business processes.