Skip to main content
close search
site logo
Dive Brief

Microsoft to overhaul internal security practices after Midnight Blizzard attack

After Microsoft disclosed a state-sponsored actor stole data from senior executives, experts are raising questions about its security capabilities and practices.

Published Jan. 22, 2024
David Jones's headshot
Reporter
Microsoft CEO Satya Nadella addresses shareholders during Microsoft Shareholders Meeting December 3, 2014 in Bellevue, Washington.
Microsoft CEO Satya Nadella addresses shareholders during Microsoft Shareholders Meeting December 3, 2014 in Bellevue, Washington. Stephen Brashear / Stringer via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Microsoft plans to make significant changes to its internal security practices after disclosing a hack by the state-sponsored threat group Midnight Blizzard, which stole emails and other data from senior-level Microsoft executives and other employees, the company said Friday in a filing with the Securities and Exchange Commission.
  • The hackers compromised a legacy non-production test tenant account to gain access to the company, Microsoft said. The threat actor used the account’s permissions to reach a “very small percentage” of emails and attachments of senior executives and employees in the cybersecurity, legal and other departments. 
  • The actor, formerly known as Nobelium, was behind the 2020 Sunburst attacks against SolarWinds and other companies. U.S. authorities raised alarms about Midnight Blizzard in December after the actor was found exploiting unpatched vulnerabilities in JetBrains TeamCity servers across the globe.

Dive Insight:

Security researchers and other analysts say the attack raises serious questions about the security of Microsoft products and whether the company is employing the same practices internally that it demands of customers. 

Beginning in late November, the attackers used a password-spray attack to gain access to Microsoft’s environment. The attacks were not discovered until Jan. 12, and Microsoft said the attackers were seeking to find out what information Microsoft had on Midnight Blizzard.  

Adam Meyers, SVP of counter adversary operations at CrowdStrike, noted that Microsoft has been the subject of serious attacks involving its cloud environment in recent years. This includes last year's hack involving thousands of emails at the U.S. State Department and the Department of Commerce. 

“I can tell you as somebody who works at a security company, our executives do not reside on legacy tenants with no multifactor authentication,” Meyers said. 

Microsoft, in a blog post on Friday, admitted that it needs to rapidly update its internal security practices after it announced the Secure Future Initiative in November.

“We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business practices,” the company said in the blog post.

Editors' picks

Company Announcements

View all | Post a press release
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell