More of Microsoft’s clients are being warned that emails they exchanged with the company were accessed by Russian hackers who broke into its systems and spied on staff inboxes.
In January, Microsoft revealed that members of the “Midnight Blizzard” hacking group (also known as APT29 or Cozy Bear) had compromised the tech giant’s systems in late 2023. They did this by using a “password spray” brute-force attack, accessing email accounts belonging to its senior leadership team as well as employees in its legal and cybersecurity units.
Once the hackers had compromised Microsoft staff accounts, they were able to access communications exchanged between the company and its customers.
Microsoft is now actively notifying affected customers with details of how they can determine which of their emails were accessed. Although some customers had previously been informed that their private communications had been compromised, others are only learning about the security breach now.
“This week, we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” said a Microsoft spokesperson. “We are providing customers with the email correspondence that was accessed by this actor. This includes increased detail for customers who have already been notified, as well as new notifications.”
The email notification provides affected Microsoft customers with a custom-built portal through which they can review compromised email messages.
No doubt some of those organisations affected will be concerned that the Russian-linked hackers might use information derived from their compromised communications with Microsoft to launch attacks against their companies as well.
Ironically, some recipients of the warning from Microsoft initially thought it was itself illegitimate and posted their concerns on Reddit.
The notorious Midnight Blizzard group (aka Cozy Bear or APT29) was previously responsible for the hack of SolarWinds, one of the most infamous supply-chain cybersecurity attacks in history. Â The Kremlin-backed hackers managed to roll-out a poisoned update to thousands of SolarWinds customers.
Microsoft’s cybersecurity practices are currently under intense scrutiny after a series of high-profile incidents.
Last year, a hacking gang linked to China separately hacked Microsoft in a separate attack, stealing thousands of US federal government emails.
And in April this year, the US government slammed Microsoft for its “inadequate” security culture. The government cited the Midnight Blizzard attack as evidence that the company had not resolved the issue.