Microsoft has warned customers that some of their emails were accessed by Russian hackers during a breach on its internal systems in late 2023, after initially stating that only its internal communications were exposed.
On 19 January 2024, Microsoft notified customers it had detected a cyber attack on its corporate email system.
The attack, leveraged by Russian state-affiliated hacking group Midnight Blizzard, also known as Nobelium, began in November 2023, reportedly using a password spraying technique to compromise a legacy account.
Once the attackers gained a foothold within Microsoft’s corporate network, they used the account’s permissions to access what it described as “a very small percentage” of Microsoft corporate email accounts.
These accounts included some belonging to members of its senior leadership team as well as staff from the tech giant’s security and legal teams.
Microsoft noted the attackers appeared to be focused on finding and exfiltrating any information Microsoft had pertaining to the threat collective and their malicious activities.
In March 2024, Microsoft updated customers that it had observed evidence of the threat actors using the information exfiltrated during the initial breach to attempt to gain further unauthorized access to its environments, including some of the firm’s source code repositories and internal systems.
Now, more than six months after the initial incident, Microsoft is informing certain users that their emails were also compromised during the breach.
According to a statement provided to Bloomberg, Microsoft is currently in the process of notifying those customers who corresponded with its corporate email accounts and thus had their communications exposed.
A Microsoft spokesperson has said it was sharing the compromised emails with customers to give them more details on the scope of the information accessed by threat actors. The company stressed its continued commitment to keeping them in the loop as the situation develops.
“This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” the spokesperson said.
“This is increased detail for customers who have already been notified and also includes new notifications. As we said previously, we’re committed to sharing information with our customers as our investigation continues.”
This latest disclosure comes amid intense scrutiny of the firm’s cyber practices, with a series of high profile incidents raising questions around the company’s security posture.
Earlier this year, a report from the Cyber Safety Review Board heavily criticized Microsoft’s conduct in response to the Summer 2023 Exchange Intrusion, which saw state-backed Chinese threat actors gain access to the mailboxes of over 500 individuals at 22 different organizations.
Many of the individuals exposed during the breach were senior US government officials, including Secretary of State of Commerce Gina Raimondo and Ambassador to China R. Nicholas Burns.
The report slammed the tech giant for a “cascade of security failures” and a “lax corporate culture” that deprioritized enterprise security investments and rigorous risk management.
Giving testimony to the US House Committee on Homeland Security, Microsoft president Brad Smith recently acknowledged Microsoft’s role in developing and maintaining many of the systems that underpin critical infrastructure in the nation.
Smith promised the company would be taking additional steps to improve its security shortcomings, one of which was tying senior executive pay to meeting internal security targets to ensure leaders prioritize security outcomes, regardless of their vertical.
Muhammad Ribkhan via Pixabay
"*" indicates required fields
Software Asset Management is a business practice that involves managing and optimising the life cycle of software within an organisation.
Software asset management is relevant to many facets of a business - take a look at some of the roles that it can form part of the focus of.
Software vendors come in all shape and sizes - all with their own set of licensing models and rules. We take a look at just a few of them.
As a constantly evolving subject, SAM is not without its challenges. We take a look at some of the most common ones.
Wondering what an investment in SAM could do for your business? Fill out a few details and find out what return you could get!
Answer a few questions about your SAM infrastructure & experience, and we'll put together a personalised recommendation for the future.
A simple health check of what's being used across your Office 365 estate in this FREE, Microsoft backed and easy to setup review.
Just like you would with your vehicle each year, get an annual check up of your software asset management programme.
Overwhelmed by the task of documenting the steps for a successful SAM programme? Get the experts in to help!
Concerned your SAM tools aren't covering your whole estate? Or on the look out for an entirely new tool? Get us in to assist.
Not content with covering all things SAM related, we've teamed up with Capital to provide a comprehensive hardware asset management review.
A simple, one-time reconciliation of the software you have deployed versus the licence entitlement you own.
A regularly scheduled analysis of your organisation's estate, specifically adapted to your needs and budget.
A full appraisal of your Microsoft 365 setup and how best to optimise it through automated recommendations.
An add-on to our SAMplicity One, MOT and Plus offerings, quickly diagnose your ability to migrate your resources to the cloud.
In collaboration with law firm Addleshaw Goddard, ensure the legality of your SAM programme and get assistance with any contract disputes.
Available as standard with SAMplicity Plus, ensure you're compliant if you're unexpectedly audited by a vendor.
We've teamed up with some of the forefront experts in licensing knowledge so you can teach yourself to be an expert too.
Stumped by the continually evolving complexities of SAM? Join us for one of our comprehensive courses, either in-person or online.
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!