Microsoft revealed Friday that a Russian state-sponsored actor known as Nobelium accessed its internal systems and executive email accounts.
- “Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” Microsoft said in a regulatory filing.
- The company said “the attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.”
- Microsoft said its initial investigation shows that the group, also known as Midnight Blizzard, was looking for information about itself. The group is associated with the 2020 SolarWinds attack.
- The tech giant, which detected the breach last week, said it is working with law enforcement.