Thursday, July 4, 2024

Microsoft warns more customers that Russian hackers are reading our emails

Many Microsoft customers have been warned that emails they exchanged with the company were accessed by Russian hackers who broke into Microsoft's systems and spied on employee inboxes.

Microsoft revealed in January that members of the “Midnight Blizzard” hacking group (also known as APT29 and Cozy Bear) had infiltrated the tech giant’s systems in late 2023. They used a “password spray” brute-force attack to gain access to email accounts belonging to employees on its senior management team, as well as its legal and cybersecurity departments.

Once hackers compromised Microsoft staff accounts, they gained access to communications exchanged between the company and its customers.

Microsoft is now proactively notifying affected customers with details on how they can verify which emails were accessed. Some customers were notified earlier that their private communications had been compromised, while others are only now finding out about the security breach.

“We continue to notify customers who interacted with Microsoft corporate email accounts stolen this week by the Midnight Blizzard threat actors,” a Microsoft spokesperson said. “We will provide customers with email communications accessed by this actor, including additional details for customers who have already been notified, as well as new notifications.”

The email notification gives affected Microsoft customers access to a custom portal where they can review the compromised email messages.

No doubt some affected organizations will be concerned that Russian-linked hackers could use information gained from compromised communications with Microsoft to launch attacks against them as well.

Ironically, some people who received the Microsoft warning initially thought the warning itself was unjustified and posted their concerns on Reddit.

The infamous Midnight Blizzard group (aka Cozy Bear, APT29) previously carried out the SolarWinds hack, one of the most notorious supply chain cybersecurity attacks in history. Kremlin-backed hackers successfully deployed a fraudulent update to thousands of SolarWinds customers.

Microsoft’s cybersecurity practices are currently under intense scrutiny following a series of high-profile incidents.

Last year, in a separate attack, a group of hackers linked to China hacked Microsoft and stole thousands of US federal government emails.

Then in April this year, the US government accused Microsoft of having a “deficient” security culture, citing the Midnight Blizzard attack as evidence that the company wasn’t fixing its problems.
