The software giant has sent out a second round of alerts in the wake of a 2023 cyber attack by Russian threat actor Midnight Blizzard.
Microsoft sends a second round of notifications to a new tranche of customers, warning them that a Russian hacking group has accessed their email records.
The initial hack took place in late November 2023, with Microsoft detecting the unauthorised access on 12 January 2024.
The company revealed the extent of the incident in March 2024, stating at the time that the Russian-state-sponsored group had accessed several corporate email accounts, “including members of our senior leadership team and employees in our cyber security, legal and other functions”.
A Microsoft spokesperson has now told Bloomberg that the second round of emails is going out to members of companies and organisations mentioned in the emails accessed by the Russian hackers. Some of these organisations have already received a notice following the original disclosure, while others are being notified for the first time.
Several government agencies were impacted by the incident, leading to the US Cybersecurity and Infrastructure Security Agency warning federal agencies to reset credentials and analyse their email communications.
Microsoft has not yet said how many of its customers have received such notices, either in this round of notifications or the first one.
Midnight Blizzard – also known as APT29 and Cozy Bear – has a history of targeting government agencies and large corporations. In March of 2024, researchers at Mandiant published details of a Midnight Blizzard phishing campaign targeting German political parties, and linked the group to Russia’s Foreign Intelligence Service, or SVR.
“Based on the SVR’s responsibility to collect political intelligence and this APT29 cluster’s historical targeting patterns,” Mandiant said at the time, “we judge this activity to present a broad threat to European and other Western political parties from across the political spectrum”.
In 2021, the group was responsible for a widely reported hack on US software company SolarWinds, which saw Midnight Blizzard access about 100 SolarWinds customers.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.