Microsoft says Russian state-sponsored hackers broke into some company emails

Microsoft says Midnight Blizzard, a Russian state-sponsored group, behind attack

Microsoft said Friday it suffered a hack by Russia-affiliated threat actors that affected a "very small percentage" of corporate email accounts.

The Russian state-sponsored Midnight Blizzard hackers got into email accounts of some individuals on Microsoft’s senior leadership team, with some cybersecurity, legal and other workers also impacted, Microsoft said in a blog post.

Microsoft said it "immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access" upon learning of the attack on Jan. 12.

A logo marking the edge of the Microsoft corporate campus

Microsoft says Russian hackers recently broke into some corporate email accounts. (Toby Scott / SOPA Images / LightRocket / Getty Images)

It also notified shareholders of the incident in a filing with the Securities and Exchange Commission (SEC). 

MICROSOFT LAUNCHES SUBSCRIPTION-BASED CHATBOT, AI COPILOT PRO FOR $20 A MONTH

The apparent target of the hackers, also called Nobelium, was information about the group. Microsoft said they took some emails and attached documents during the incident.

Hacker computer monitors

A hacker sits behind monitors in a room. (iStock / iStock)

"The attack was not a result of a vulnerability in Microsoft products or services," the tech giant said. "To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."

Rather, how they got access was by way of a "legacy non-production test tenant account" via a password spray attack, according to Microsoft.

MICROSOFT CEO SAYS HE'S COMFORTABLE WITH OPENAI'S NONPROFIT BOARD AFTER SAM ALTMAN TURMOIL

The company said it would "act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes."

Microsoft

Microsoft said it was working with law enforcement and had informed regulators about the breach.

Ticker Security Last Change Change %
MSFT MICROSOFT CORP. 415.49 -2.30 -0.55%

It "has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations," according to Microsoft’s SEC filing.

Microsoft logo

"To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems," Microsoft said. (Dado Ruvic / Illustration / File / Reuters Photos)

Just a few days before Microsoft’s report of the attack, Allianz Commercial released a report identifying cyber incidents as 2024’s "top business risk."

MICROSOFT BRIEFLY OVERTAKES APPLE AS WORLD'S MOST VALUABLE COMPANY

Cyber incidents also came in No. 1 in 2023 as the biggest threat to businesses, according to Allianz. Other years in which it ranked most highly out of 10 types of risks included 2022 and 2020.