Microsoft has disclosed that a Kremlin-backed hacker group, previously linked to a January breach of its internal systems, accessed a larger number of customer emails than initially reported, according to Bloomberg News.
A Microsoft spokesperson informed the outlet that the group, identified as Midnight Blizzard, is now under investigation for further breaches affecting additional customers. Affected parties, including previously notified individuals, will receive detailed notifications outlining the types of accessed information.
“This update provides enhanced detail for previously notified customers and includes new notifications,” the spokesperson stated in an email. “We remain committed to transparency as we continue our investigation and share information with our customers.”
The initial breach by Midnight Blizzard, disclosed on January 19th in a filing with the US Securities and Exchange Commission, revealed unauthorized access to emails belonging to Microsoft’s senior leadership, cybersecurity experts, and legal department personnel. The hackers reportedly used stolen credentials to contact Microsoft customers.
Following Microsoft’s investigations, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive in April, alarmed by ongoing threats to Azure clients within the US government.
Midnight Blizzard, also known as Nobelium or APT29, gained initial access to Microsoft’s systems months earlier through a technique known as password spraying, which involves systematically attempting common passwords across multiple user accounts.
The group gained notoriety for the SolarWinds hack in 2020 and has since been linked to phishing campaigns targeting EU government agencies assisting Ukraine, as per research by BlackBerry.
Microsoft has refrained from disclosing specific corporate customers affected by the breach, past or present.
Related topics:
OpenAI and Microsoft Face New Copyright Infringement Lawsuit from Investigative News Nonprofit
OpenAI and Time Announce Groundbreaking AI Training Partnership