‘Sophisticated’ Microsoft Attack Highlights the Need for Cybersecurity Innovation

Microsoft shared in a recent regulatory filing that a Russian-linked intelligence group accessed some of the email accounts for top executives and employees of its legal and security teams. And while Microsoft officials say the attack hasn’t had a material effect on its operations, the incident underscores how increasingly ‘sophisticated’ nation-state actors and other cyber-criminals have become.

Microsoft attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard. The group is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear and The Dukes.

The hackers were able to exploit a vulnerable password to compromise Microsoft’s corporate network and access emails and documents.

In its SEC disclosure, Microsoft revealed the following:

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.

The same threat actor also attacked HPE in May 2023. Reports reveal that Midnight Blizzard has been formally tied to Russia’s Foreign Intelligence Service by the U.S. government.

As ransomware, phishing, supply-chain and other types of cyber-attacks continue to grow in complexity and volume, traditional cyber strategies and techniques to safeguard the enterprise need to be re-examined and refreshed, according to HMG Strategy’s 2024 Technology Research Agenda. Further complicating these challenges is the continuing cyber skills shortage that CISOs and their organizations are facing along with organizational downsizing.

This is one of the reasons why we launched the HMG Innovation Accelerator Series, a forum for connecting CISOs, CIOs and cybersecurity leaders with the CEOs and leaders of innovative cybersecurity companies regarding the challenges they solve for clients, the innovation they deliver to companies and how their solutions are differentiated in the market.

Our next Innovation Accelerator will take place at the 16th Annual Silicon Valley Global Innovation Summit on March 7 at the Hotel Nia in Menlo Park. Cyberstarts General Partner Emily Heath will lead a discussion with the CEOs and founders of innovative cybersecurity start-ups she’s working with.

Click here to learn more about the Silicon Valley Global Innovation Summit and to register.
