On January 12, 2024, Microsoft detected a nation-state attack on its corporate systems. The investigation identified Midnight Blizzard as the perpetrator. The hackers gained access to a small percentage of Microsoft employee emails, including senior leadership, using a password spraying technique. Some emails and documents were exfiltrated, but Microsoft quickly identified and shut down the attack. The cyber attacks
orchestrated by Midnight Blizzard have led to the compromise of valid accounts
and unauthorized access to sensitive information.
The activities of Midnight Blizzard underscore the
persistent threat posed by nation-state actors in cyberspace. Continuous
vigilance and proactive cybersecurity measures are essential to protect against
such sophisticated threats.
Source: Microsoft Security Blog (2024).
Click here to read more information about the attack: Midnight Blizzard: Guidance for responders on nation-state attack | Microsoft Security Blog