Microsoft revealed on Friday that a Russian hacking group, identified as Midnight Blizzard or Nobelium, gained unauthorized access to certain email accounts belonging to the company’s senior leaders. The software corporation disclosed the incident in a regulatory filing, stating that it detected a “nation-state attack” on its systems on January 12 and successfully halted the intrusion on January 13.
According to the filing, in November Nobelium used a “password spray attack,” a method that tries commonly used passwords, to infiltrate a “legacy” account. Subsequently, the group leveraged the permissions of that compromised account to access a “very small percentage” of corporate email accounts. The affected accounts included those of Microsoft senior leadership, as well as employees in cybersecurity, legal, and other departments.
Microsoft clarified that Nobelium’s primary objective initially appeared to be gathering information about the hacking group itself. There was no indication that the group gained access to customer accounts or AI systems. Microsoft is actively notifying employees whose emails were accessed and will inform customers if any action is necessary on their part.
The company emphasized that the attack did not stem from a vulnerability in its products or services. Instead, it underscored the ongoing risk organizations face from “well-resourced nation-state threat actors” like Nobelium. Notably, Nobelium was also responsible for the high-profile 2020 attack on the software company SolarWinds, which targeted various government agencies, including the Pentagon.
Microsoft’s disclosure aligns with new government requirements mandating the disclosure of cybersecurity incidents. Under these regulations, companies must report any cybersecurity incident deemed to have a “material impact,” detailing the extent and nature of the impact. While Microsoft does not believe the attack had a material impact, the company opted to adhere to the spirit of the new rules by making the disclosure.