By Dean Seal

Microsoft disclosed Friday that it was targeted by a Russian state-sponsored hacking group that stole information from its senior leadership team and other employees.

The tech giant detected last week that the threat actor, which it has identified as the group Midnight Blizzard, had extracted information from a small percentage of employee email accounts. Based on a preliminary analysis, those accounts included members of its senior leadership team and employees in its cybersecurity and legal teams.

In a blog post, Microsoft said the group used a password spray attack that compromised one legacy non-production test tenant account, then used the account's permissions to gain access to the Microsoft corporate email accounts starting in late November.

The hackers initially targeted accounts related to Midnight Blizzard itself, the company said. The owners of the affected accounts are being notified.

Microsoft was able to remove the intruder's access to the email accounts on Jan. 13 and is still assessing the impact of the incident. The company is also investigating the extent of the incident and working with law enforcement.

The company said it hasn't determined whether the incident is likely to affect its financial condition or the results of its operations, but that there hasn't been a material impact on operations so far.

The intrusion wasn't the result of a vulnerability in Microsoft products or services, and there is no evidence that the intruders had any access to customer environments, production systems, source code, or AI systems, the company said.

In a blog post last August, Microsoft said it had detected Midnight Blizzard, previously known as Nobelium, launching targeted social engineering attacks that used Microsoft Teams chats to phish for credentials.

Microsoft's investigation into the group at that time had uncovered that fewer than 40 unique global organizations had been affected by Midnight Blizzard's attacks.

The former Nobelium group has been linked by U.S. authorities to the Foreign Intelligence Service of the Russian Federation and is known for its involvement in the massive SolarWinds hack of 2020.

Write to Dean Seal at


(END) Dow Jones Newswires

January 19, 2024 18:10 ET (23:10 GMT)

Copyright (c) 2024 Dow Jones & Company, Inc.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Mar 2024 to Apr 2024 Click Here for more Microsoft Charts.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Apr 2023 to Apr 2024 Click Here for more Microsoft Charts.