NAIROBI, Kenya - In a fresh wave of cybersecurity alerts, Microsoft is notifying additional individuals that their email correspondence with the tech giant was accessed by Russian hackers.
The attack, orchestrated by the group known as Midnight Blizzard (or Nobelium), is linked to the same perpetrators behind the infamous 2020 SolarWinds hack.
The US government has tied Midnight Blizzard to the Russian Foreign Intelligence Service, making this breach a significant concern.
Microsoft initially disclosed the breach in January, revealing that a password spray attack had compromised a small percentage of corporate email accounts in late 2023.
This week, the company is reaching out to more affected individuals, providing them with specific details about the email correspondence accessed by the hackers.
“We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” a Microsoft spokesperson explained.
These notifications aim to offer increased transparency to those impacted, addressing initial concerns that the alerts might be phishing scams.
US Government’s Response and Criticism
The US government’s reaction to this breach has been critical and forceful. A March report from the Cyber Safety Review Board criticized Microsoft’s security culture, describing it as “inadequate and requiring an overhaul.”
In April, the US Cybersecurity and Infrastructure Security Agency (CISA) took further action by issuing an order for federal agencies to analyze the hacked emails and secure Microsoft cloud accounts.
This directive included notifying all impacted agencies and demanding regular updates on their progress in mitigating this “grave and unacceptable risk.”
In response to the attack, Microsoft has maintained that vulnerabilities in its systems were not responsible for the breach.
Nevertheless, the company has committed to enhancing its security measures to prevent future incidents.
Employees whose emails were compromised included senior leadership, cybersecurity, and legal team members, highlighting the sophisticated nature of the attack.