Microsoft disclosed that some of its corporate email accounts were breached and data was stolen by the Russian state-sponsored hacking group known as “Midnight Blizzard”.
The company detected the attack on January 12, 2024. The hackers accessed a small percentage of Microsoft corporate email accounts, including members of the senior leadership team and employees in cybersecurity, legal, and other functions.
They exfiltrated some emails and attached documents. However, there is no evidence that the threat actors had any access to customer environments, production systems, source code, or AI systems.
Microsoft is in the process of notifying employees whose email was accessed. The attack was not the result of a vulnerability in Microsoft products or services. The investigation is ongoing5. Please refer to the sources for more details.
