Microsoft Corporate Email Accounts Compromised by Midnight Blizzard

Incident Impacts: Data Theft
Affected Sector: Technology
Associated Intrusion Sets: Midnight Blizzard

Beginning in late November 2023, the Midnight Blizzard intrusion set (linked to Russian Foreign Intelligence, SVR) compromised Microsoft's corporate systems.

The actor was able to "access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents."

Further investigation by Microsoft found that Midnight Blizzard used exfiltrated information in further attempts to gain access to other internal systems and data (including source code).

Microsoft Corporate Email Accounts Compromised by Midnight Blizzard Threat Reports

Report

Midnight Blizzard: Guidance for responders on nation-state attack

Following a compromise of Microsoft corporate systems by Midnight Blizzard which was detected on 12th January 2024, this blog post outlines ...
