The cybersecurity breach that affected Microsoft in late 2023 also impacted the U.S. Department of Veterans Affairs (VA), the U.S. Agency for Global Media (USAGM), and the Peace Corps.
The company notified both organizations about the breach in March 2024, and even warned USAGM that attackers may have stolen some data from its servers. It is likely that no security data or personally identifiable information (PII) was taken.
“As our investigation continues, we have reached out to customers to notify them if they have communicated with a Microsoft corporate email account that has been accessed,” Microsoft spokesman Jeff Jones said. The edge“We will continue to coordinate, support and assist our customers in taking mitigation measures.”
Midnight Snowstorm
In late November 2023, Russian state-sponsored threat actors known as Midnight Blizzard (also known as Nobelium or Cozy Bear) targeted Microsoft and managed to steal sensitive information from certain high-ranking individuals, including senior executives. It is not known exactly how many emails were accessed, but Microsoft said the compromised accounts included those belonging to members of senior management and those working in legal and cybersecurity departments.
The attack was detected on January 12 and Microsoft said subsequent changes to its security approach could cause some disruption.
At the time, the company noted how attackers managed to compromise a non-production legacy test tenant account via a password spray attack.
The group used that access to gain access to “a very small percentage” of Microsoft corporate accounts, the company said.
“Some emails and attached documents were stolen,” Microsoft said, indicating that the information was linked to the Nobelium group. “To date, there is no evidence that the threat actor had access to customer environments, production systems, source code, or AI systems.”