More Microsoft Customers Learn Russian Hackers Saw Their Emails

‘Midnight Blizzard’ stole emails from senior Microsoft leaders.

Bloomberg News

June 28, 2024


(Bloomberg) -- More Microsoft Corp. customers are learning that emails they exchanged with the software giant were hacked by a Russian group as part of a previously reported, state-sponsored breach that had already ensnared US government agencies.

In January, Microsoft disclosed that hackers had stolen senior leaders’ emails and were trying to use them to break into customers’ communications, including those of government agencies. The company blamed the attack on a group called “Midnight Blizzard” that US and UK authorities have said is part of the Russian Foreign Intelligence Service. 

Microsoft is now telling customers which of their emails were hacked by the group, a company spokesperson said. Some of these clients had already known they were affected by the breach. Others were hearing it for the first time now that Microsoft has had more time to assess the damage, a sign that the hack has had broader repercussions than initially thought. Microsoft declined to say which customers received notices. 

The hack is the latest in a series of high-profile and damaging security failures at the Redmond, Washington-based technology company, which has drawn strong condemnation by the US government. In April, a government review board issued a scathing report that criticized Microsoft for having an “inadequate” security culture and cited Midnight Blizzard as evidence that the company hadn’t yet fixed the problem.  


“This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor,” a Microsoft spokesperson said in a statement. 

Shares of Microsoft were virtually unchanged early Friday after declining on the news in late trading on Thursday. 

In email notifications reviewed by Bloomberg News, Microsoft gave clients a link through which they could designate someone to review the compromised messages in a custom-built, secure system.

“You are receiving this notification because emails were exchanged between Microsoft and accounts in your organization, and those emails were accessed by the threat actor Midnight Blizzard as part of their cyberattack on Microsoft,” the notice states. It prompted concern among some Microsoft customers, who took to the social media site Reddit looking for guidance on whether the message was a phishing attempt.

Microsoft is in the middle of the biggest security overhaul in decades. Earlier this month, Microsoft President Brad Smith appeared contrite at a hearing of the House Committee on Homeland Security, saying the company took full responsibility for its lapses. 


In April, US federal agencies were ordered to analyze emails, reset compromised credentials and work to secure Microsoft cloud accounts amid concerns that the Midnight Blizzard hackers may have accessed correspondence.

The US Cybersecurity and Infrastructure Security Agency, which issued the emergency directive, said the hack of Microsoft represents a “grave and unacceptable risk” to government agencies. CISA didn’t respond to requests for comment Thursday. 

Midnight Blizzard, which is also known as APT29 and Cozy Bear, is the same hacking outfit that the US and UK said was responsible for the 2021 cyberattack on SolarWinds Corp.

In the SolarWinds attack, malicious code was inserted in a software update that allowed the intruders to gain further access to customers. In all, about 100 companies and nine federal agencies were targeted for further attacks.

In a 2023 hack of Microsoft Exchange Online mailboxes, outsiders breached 22 organizations and hundreds of individuals. US Commerce Secretary Gina Raimondo; the US ambassador to China, Nicholas Burns; and Representative Don Bacon, a Nebraska Republican, were among those ensnared in that campaign.

On Friday, the German software firm TeamViewer SE disclosed that it had become the latest victim of Midnight Blizzard. The company’s investigation into the breach indicates an attack occurred on June 26 and was tied to the credentials of a standard employee account. Shares of the company tanked on the news. 
