Who: Russian state-backed hackers identified as Midnight Blizzard, also known as Nobelium, targeted Microsoft's corporate email accounts and gained access to the company's core software systems.
What: Microsoft detected the cyberattack in January, revealing that the hackers utilized information initially exfiltrated from corporate email systems to access source code repositories and internal systems. The breach involved the unauthorized access of "secrets" shared between customers and Microsoft through email.
Impact: As of the latest update, Microsoft asserts that the incident has not materially impacted its operations or financial condition. The company is actively working with affected customers to implement mitigating measures. The ongoing attack has seen an increase in volume, particularly in password spraying attempts, with the situation intensifying in February compared to January. Microsoft has heightened its security measures and collaboration across the enterprise to defend against the persistent threat. The attack, initiated in November, had its access to email accounts removed by Microsoft on January 13. The company continues to cooperate with federal law enforcement in
Read the full article HERE