Microsoft says it was hit by Russian hackers who wanted to know its secrets

The attack was spotted on January 12, and Microsoft noted the subsequent changes in the approach to security might cause some disruptions.

Stealing sensitive data

In a blog post, the company noted how a group known as Nobelium (AKA Midnight Blizzard) managed to compromise a legacy non-production test tennant account via a password spray attack, in late November 2023. 

The group used that access to gain access to “a very small percentage” of Microsoft corporate accounts, the company said.

“Some emails and attached documents” were stolen, the announcement reads, stating that the information was related to the Nobelium group. “To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.” 

The investigation is still ongoing, and if Microsoft finds customer data was stolen, it will notify the affected individuals. At this time, there is nothing the customers can, or should, do.

Going forward, the company will apply its current security standards to legacy systems and internal business processes, as well, “even when these changes might cause disruption to existing business processes.” While this will likely cause some level of disruption, Microsoft sees this as a necessary first step in securing its infrastructure. At the same time, the investigation will continue, as the police and other relevant authorities are being notified. 

Last time we heard of Nobelium was in March 2023, when the group breached 40 firms via compromised Microsoft 365 accounts - but it is perhaps best known for its cyberattacks against SolarWinds in 2019 and the Democratic National Committee in 2015.

More from TechRadar Pro

• Microsoft Teams chats are being hijacked by Russian hackers to spy on your business
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now