In a Friday regulatory filing, Microsoft has reported that its corporate email accounts were compromised by a Russian state-sponsored hacking group known as Midnight Blizzard, also identified as Nobelium or APT29. Microsoft’s disclosure aligns with new U.S. requirements for reporting cybersecurity incidents. The attack was detected on January 12th, 2023, but it appears to have started in November 2023.
The Breach and Attack
The attack involved Russian hackers using a password spray attack to access a legacy non-production test tenant account at Microsoft. Password spraying is a brute-force technique in which attackers attempt to log in using a list of potential usernames and passwords.
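
One way a defender can recognise this pattern in sign-in logs, as an added example that is not part of the original article or any Microsoft tooling: it flags a source whose failed logins spread across many accounts with only a few tries each, and lists any account that source then signed in to. The log format, thresholds, addresses and account names are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-03-01T09:00:00 203.0.113.7 alice FAIL
2024-03-01T09:00:40 203.0.113.7 bob FAIL
2024-03-01T09:01:10 203.0.113.7 carol FAIL
2024-03-01T09:01:50 203.0.113.7 dave FAIL
2024-03-01T09:02:30 203.0.113.7 svc-test OK
2024-03-01T09:03:00 203.0.113.7 erin FAIL
2024-03-01T09:05:00 198.51.100.20 frank FAIL
2024-03-01T09:05:20 198.51.100.20 frank FAIL
2024-03-01T09:05:45 198.51.100.20 frank FAIL
2024-03-01T09:06:10 198.51.100.20 frank OK
"""

def parse(log):
    """Yield (timestamp, ip, user, succeeded) from the assumed four-column format."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources that fail against many accounts, few times each, in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until the span fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            fails = Counter(user for _, user, ok in span if not ok)
            # Spray shape: wide across accounts, shallow per account.
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                hits = sorted({user for _, user, ok in span if ok})
                findings[ip] = {"targeted": sorted(fails), "succeeded": hits}
    return findings

if __name__ == "__main__":
    for ip, info in detect_spray(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

The second source in the sample, one user retrying their own password, is not flagged because its failures all land on a single account.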