https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

By MSRC / January 19, 2024

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.

As part of our ongoing commitment to responsible transparency as recently affirmed in our Secure Future Initiative (SFI), we are sharing this update.

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed.

The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.

This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.

As we said late last year when we announced Secure Future Initiative (SFI), given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk - the traditional sort of calculus is simply no longer sufficient. For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes. This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy.

We are continuing our investigation and will take additional actions based on the outcomes of this investigation and will continue working with law enforcement and appropriate regulators. We are deeply committed to sharing more information and our learnings, so that the community can benefit from both our experience and observations about the threat actor. We will provide additional details as appropriate.