Microsoft’s corporate systems were compromised in late November by the same Russian attacker behind the 2020 SolarWinds Orion software cyberattack. The Russian nation-state actor is known to Microsoft threat researchers as Midnight Blizzard. The breach was not detected until January 12.
The actor used a simple password-spray attack to access a test account. The attack led to the compromise of a very small percentage of Microsoft corporate email accounts. Breached email accounts included those of senior leadership and members of the cybersecurity and legal teams at Microsoft. The Nobelium attacker was apparently looking for what information Microsoft had on its operation. Microsoft vowed a cybersecurity overhaul of its legacy systems. The successful cyberattack should act as a reminder not to overlook sensitive information in systems like email and file sharing, according to Omri Weinberg, co-founder of DoControl. The Nobelium APT has acted against Microsoft before. Last summer, the group ran Teams phishing attacks against government and industrial organizations from compromised Microsoft 365 tenants.