Microsoft Email Breach Impacted Company’s Top Executives

Executive Summary

In a recent cyberattack, Microsoft faced a breach that allowed unauthorised access to email accounts and attachments of senior executives. This breach was linked to the Russian APT group Midnight Blizzard (formerly Nobelium), known for its involvement in the SolarWinds supply chain compromise.

Subsequently, Microsoft initiated an investigation and is making efforts to mitigate the issue. Collaboration with law enforcement is also ongoing.

Importantly, Microsoft has confirmed that its core products and services remain secure, with no impact on customer data.

This incident underscores the importance of effectively protecting corporate executives and secrets in the digital age.

What Happened

Microsoft fell victim to a targeted attack on its corporate systems. The attackers managed to gain unauthorised access to email accounts and attachments. These accounts belonged to senior executives and personnel in the cybersecurity and legal departments.

The attackers utilised a technique known as a password spray attack to gain entry. In this method, multiple password attempts were made to breach a legacy test account.

Once the attackers successfully gained access to this account, they established a foothold within Microsoft’s corporate network. From there, they were able to infiltrate a portion of the company’s email accounts, including those belonging to senior executives.
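A defender's view of the password spray described above, as an added example that is not from Microsoft or the original article: it flags a source that fails against many distinct accounts with only a few tries each, then lists any sign-in from that source that succeeded in the same window. The event format, account names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _t(hhmm):
    """Build a timestamp on an arbitrary, constructed date."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample sign-in events: (time, source_ip, account, succeeded).
SAMPLE_EVENTS = (
    # One source makes a single guess against many accounts (spray shape).
    [(_t(f"09:{m:02d}"), "203.0.113.7", acct, False)
     for m, acct in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [(_t("09:06"), "203.0.113.7", "legacy-test", True)]
    # One user mistyping their own password repeatedly (not a spray).
    + [(_t(f"10:{m:02d}"), "198.51.100.4", "grace", False) for m in range(6)]
    + [(_t("10:06"), "198.51.100.4", "grace", True)]
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_tries=3):
    """Return one finding per source whose failures look like a spray.

    Thresholds are assumptions to be tuned against real sign-in volume.
    """
    by_source = defaultdict(list)
    for ts, src, acct, ok in sorted(events):
        by_source[src].append((ts, acct, ok))
    findings = []
    for src, evs in by_source.items():
        start = 0
        for end, (ts, _, _) in enumerate(evs):
            while ts - evs[start][0] > window:  # slide the window forward
                start += 1
            fails = defaultdict(int)
            for _, acct, ok in evs[start:end + 1]:
                if not ok:
                    fails[acct] += 1
            # Spray shape: many accounts, few attempts against each one.
            if len(fails) >= min_accounts and max(fails.values()) <= max_tries:
                span = [e for e in evs[start:] if e[0] - evs[start][0] <= window]
                findings.append({
                    "source": src,
                    "targets": sorted({a for _, a, ok in span if not ok}),
                    # A success in the same window is the account to review first.
                    "successes": sorted({a for _, a, ok in span if ok}),
                })
                break
    return findings

if __name__ == "__main__":
    for finding in detect_spray(SAMPLE_EVENTS):
        print(finding)
```

Grouping by source address misses a spray spread across many addresses, so the same counting is worth repeating per account or per user agent.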

Microsoft’s Response

Upon discovering the breach on January 12, 2024, Microsoft acted swiftly to investigate, disrupt, and mitigate the malicious activity.

The company reassured its customers that no customer data was compromised during the attack. Microsoft is working closely with law enforcement to understand the motives of the threat actors and is taking steps to enhance its security posture to prevent similar attacks in the future.

Impact of the Incident

The exact number of compromised email accounts and the nature of the accessed information were not disclosed. However, information related to company strategies, intellectual property, and government contracts could be at risk. Therefore, this breach raises concerns about potential espionage and the exposure of sensitive corporate data.

On the other hand, Microsoft confirmed that the incident did not result from any security vulnerabilities in its products or services. The company also emphasised the integrity of Microsoft’s core offerings.

In a regulatory filing on January 17, 2024, Microsoft provided additional details about the impact of the incident:

“We were able to remove the threat actor’s access to the email accounts on or about January 13, 2024. As of the date of this filing, the incident has not had a material impact on the Company’s operations. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

The Attackers

This attack was attributed to a Russian advanced persistent threat (APT) group known as Midnight Blizzard, formerly Nobelium. The group is infamous for its involvement in the high-profile SolarWinds supply chain compromise.

Midnight Blizzard is believed to have targeted Microsoft twice before, aiming to access sensitive information related to the company.

Their primary objective appeared to be accessing information related to Microsoft.

Closing Comments

State-sponsored cyberattacks pose an escalating and serious threat, as the breach of Microsoft’s emails demonstrates.

In today’s digital landscape, well-resourced nation-state actors continue refining their tactics and targeting both government agencies and private enterprises. This incident serves as a reminder that no organisation is immune, and cybersecurity vigilance is paramount.

This breach highlights the critical need to safeguard not only an organisation’s infrastructure but also its key personnel and sensitive information. Senior executives often hold the keys to a company’s strategic direction and possess invaluable corporate secrets. Obviously, protecting executives and the secrets they hold should be a key priority. To gain a broad perspective on digitally securing executives, you can watch our recent interview here.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.
