What Happened
On January 12, 2024, Microsoft detected a nation-state cyberattack by the Russian state-sponsored group Midnight Blizzard (also known as Nobelium). The attack began in late November 2023 with a password spray attack on a legacy non-production test tenant account that lacked multi-factor authentication. That compromise enabled access to a small percentage of corporate email accounts, including those of senior leadership, cybersecurity, and legal teams, from which emails and attached documents were exfiltrated. The attackers used stolen data, such as credentials shared in emails, to attempt further unauthorized access to source code repositories and internal systems. Microsoft reported no evidence of compromise to customer environments, production systems, source code, or AI systems; it promptly mitigated the access by January 13 and notified affected employees and relevant customers. The number of records impacted remains unspecified, but some reports put the number of affected accounts in the hundreds. The incident highlights the risk from well-resourced nation-state actors rather than from product vulnerabilities. Microsoft continues investigating and enhancing defenses under its Secure Future Initiative.



