Microsoft confirms hack from state-sponsored Russian group

Microsoft has claimed to have been the subject of a Russian state-sponsored cyberattack.

The company said that the hacker group known as Nobelium was able to access "a very small percentage" of its corporate email accounts, including accounts belonging to some members of its senior leadership team.

Starting in Late November 2023, Nobelium, also known as Midnight Blizzard, used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, Microsoft said.

The company added that the group also gained access to accounts of members of the cybersecurity and legal team, and that it exfiltrated some emails and attached documents.

In a blog post, Microsoft said that the attack was not the result of a vulnerability in its products or services, and that there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

The post notes: “Given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk – the traditional sort of calculus is simply no longer sufficient.

“For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.”

Microsoft was compelled to disclose the attack as a result of a new regulatory requirement of the US Securities and Exchange Commission (SEC) which mandates that publicly-owned companies promptly disclose cyber incidents, with affected parties made to file a report about a hack’s impact within four business days of discovery.



Share Story:

Recent Stories


The future-ready CFO: Driving strategic growth and innovation
This National Technology News webinar sponsored by Sage will explore how CFOs can leverage their unique blend of financial acumen, technological savvy, and strategic mindset to foster cross-functional collaboration and shape overall company direction. Attendees will gain insights into breaking down operational silos, aligning goals across departments like IT, operations, HR, and marketing, and utilising technology to enable real-time data sharing and visibility.

The corporate roadmap to payment excellence: Keeping pace with emerging trends to maximise growth opportunities
In today's rapidly evolving finance and accounting landscape, one of the biggest challenges organisations face is attracting and retaining top talent. As automation and AI revolutionise the profession, finance teams require new skillsets centred on analysis, collaboration, and strategic thinking to drive sustainable competitive advantage.