A recent Microsoft data breach also let Russian hackers compromise US federal agencies
US Department of Veteran Affairs and several others were seemingly compromised
The cybersecurity breach that hit Microsoft in late 2023 also impacted the US Department of Veteran Affairs (VA), the US Agency for Global Media (USAGM), and the Peace Corps.
The comapony notified both organizations about the breach in March 2024, and has even warned USAGM that the attackers might have stolen some data from its servers. Security data, as well as personally identifiable information (PII), was probably not taken.
“As our investigation continues, we have been reaching out to customers to notify them if they had corresponded with a Microsoft corporate email account that was accessed,” Microsoft spokesperson Jeff Jones said to The Verge. “We will continue to coordinate, support, and assist our customers in taking mitigating measures.”
Midnight Blizzard
In late November 2023, Russian state-sponsored threat actors known as Midnight Blizzard (AKA Nobelium, or Cozy Bear) targeted Microsoft and managed to steal some sensitive information from certain highly-positioned individuals, including senior executives. It is not known exactly how many emails were accessed, but Microsoft did say that compromised accounts included those belonging to members of senior leadership and those working in cybersecurity and legal departments.
The attack was spotted on January 12, and Microsoft noted the subsequent changes in the approach to security might cause some disruptions.
At the time, the company noted how the attackers managed to compromise a legacy non-production test tenant account via a password spray attack.
The group used that access to gain access to “a very small percentage” of Microsoft corporate accounts, the company said.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Some emails and attached documents” were stolen, Microsoft said, stating that the information was related to the Nobelium group. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.”
More from TechRadar Pro
- Hundreds of Cobalt Strike linked servers taken down in major police operation
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.