It is now believed that additional customers had their emails accessed in the compromise of Microsoft’s corporate email system by the Midnight Blizzard threat group.
Microsoft has reportedly sent more notifications to customers affected by the compromise of its email system by the Russian actor Midnight Blizzard.
According to Bloomberg, the tech giant informed its customers that their emails had been accessed in connection with the breach first disclosed by Microsoft in January.
Microsoft attributed the attack to the nation-state group it calls Midnight Blizzard, which the U.S. government has in the past connected to Russia’s SVR foreign intelligence unit.
Portions of the text of the notification message shared by Bloomberg match those found in a message on a Microsoft.com site, which appears to have been posted by an affected customer. The message is dated Tuesday, two days before the Bloomberg report.
“You are receiving this notification because emails were exchanged between Microsoft and accounts in your organization, and those emails were accessed by the malicious actor Midnight Blizzard as part of their cyberattack on Microsoft,” Microsoft’s notification read, according to the site’s message and the Bloomberg report.
“As part of our commitment to transparency, we are proactively sharing those emails,” read the notice, shared in the site’s post. “We’ve created a custom secure system for legal members of your organization to review leaked emails between Microsoft and your company.”
In a statement to CRN on Friday, Microsoft said that “this week, we will proceed to notify customers who have corresponded with Microsoft corporate email accounts that have been exfiltrated by the threat actor Midnight Blizzard, and we are offering customers the email correspondence that was accessed by this actor.”
“This is a point of greater detail for customers who have already been notified and also includes new notifications,” the company said in the statement.
Among the customers known to have been affected by the incident were several federal agencies, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has previously confirmed.
Through the compromise of Microsoft’s corporate email accounts, Midnight Blizzard has “exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft,” CISA said in an earlier emergency directive.
“The threat actor is using data first extracted from the company’s email systems, including authentication details shared between Microsoft and Microsoft customers via email, to gain or attempt to gain greater access to Microsoft’s customer systems,” CISA said in the directive.
The breach, which allegedly began in November 2023, is believed to have primarily affected members of Microsoft’s management team, as well as workers on its legal and cybersecurity teams. The hackers initially gained access by taking advantage of the lack of MFA (multi-factor authentication) on an “old” account, according to the company.
In an update on the incident in early March, Microsoft revealed that Midnight Blizzard had been observed trying to exploit the data gathered during the attack. The threat group has previously been held responsible for attacks including the widely felt SolarWinds breach in 2020.
The further customer notifications related to the Russia-linked email breach follow the scathing report on Microsoft’s security culture and practices released by the U.S. Department of Homeland Security-appointed Cyber Safety Review Board. In April, the U.S. Department of Homeland Security has been
The board released a 34-page report on last year’s Microsoft Exchange Online breach, which was connected to China and affected several federal agencies and officials, including Commerce Secretary Gina Raimondo. The review board attributed the cloud messaging breach to a “cascade of avoidable errors by Microsoft.”