Russian Microsoft hack had bigger impact than previously thought

Affected customers informed eight months after the fact, better late than never?

Russia’s Midnight Blizzard attack on Microsoft affected more organizations than was previously made public. Microsoft has now informed several customers about the compromise.

No further information was shared on the targeted companies or government bodies. Some organizations had already found out they’d been hacked, whereas others only knew about a compromise due to Microsoft telling them over the past few weeks.

The initial incident revealed major security flaws at Microsoft, which, among many other things, is the world’s largest security company. For example, two-factor authentication (2FA/MFA) was not enforced for many of its execs, meaning Midnight Blizzard’s password-spraying efforts were successful through simple but intense guesswork and brute-forcing.
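The pattern described above, many accounts each tried a few times from one source to stay under lockout thresholds, is what a defender looks for in sign-in telemetry. The following is an added example, not code from the article or from Microsoft: it runs a simple password-spray detector over a constructed sign-in log (the line format, IP addresses, account names and the `mfa=` field are all assumptions for illustration) and then lists successful sign-ins from a flagged source where MFA was not enforced, which is exactly the combination that turned the spraying into a compromise.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not taken from the article or from any
# real Microsoft log). Format: <ISO timestamp> <source IP> <account> <result> mfa=<yes|no>
SAMPLE_LOG = """\
2023-11-20T02:00:01Z 203.0.113.7 alice FAILURE mfa=no
2023-11-20T02:00:04Z 203.0.113.7 bob FAILURE mfa=no
2023-11-20T02:00:09Z 203.0.113.7 carol FAILURE mfa=no
2023-11-20T02:00:13Z 203.0.113.7 dave FAILURE mfa=no
2023-11-20T02:00:20Z 203.0.113.7 erin FAILURE mfa=no
2023-11-20T02:00:31Z 203.0.113.7 alice FAILURE mfa=no
2023-11-20T02:00:45Z 203.0.113.7 frank SUCCESS mfa=no
2023-11-20T02:01:02Z 198.51.100.5 alice FAILURE mfa=no
2023-11-20T02:01:05Z 198.51.100.5 alice FAILURE mfa=no
2023-11-20T02:01:09Z 198.51.100.5 alice FAILURE mfa=no
2023-11-20T02:01:14Z 198.51.100.5 alice FAILURE mfa=no
2023-11-20T02:01:20Z 198.51.100.5 alice FAILURE mfa=no
2023-11-20T02:01:27Z 198.51.100.5 alice FAILURE mfa=no
2023-11-20T09:15:00Z 192.0.2.9 grace SUCCESS mfa=yes
"""


def parse_line(line):
    """Turn one constructed log line into a dict with a parsed timestamp."""
    ts, ip, user, result, mfa = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "user": user,
        "success": result == "SUCCESS",
        "mfa": mfa == "mfa=yes",
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=3):
    """Return {source_ip: set(accounts)} for sources showing the spray pattern:
    at least `min_accounts` distinct accounts inside one sliding `window`, with
    no single account tried more than `max_per_account` times (the low-and-slow
    shape chosen to avoid lockouts). A single-account brute force is not flagged
    here; it has its own, simpler per-account detection."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i in range(len(evs)):
            span = [e for e in evs[i:] if e["ts"] - evs[i]["ts"] <= window]
            per_user = Counter(e["user"] for e in span)
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                flagged.setdefault(ip, set()).update(per_user)
    return flagged


def successes_without_mfa(events, flagged):
    """Successful sign-ins from a flagged source where MFA was not enforced:
    the cases a defender should treat as probable account compromise."""
    return sorted(
        (e["user"], e["ip"])
        for e in events
        if e["ip"] in flagged and e["success"] and not e["mfa"]
    )


def analyze(text):
    events = parse_log(text)
    flagged = detect_spray(events)
    return flagged, successes_without_mfa(events, flagged)


if __name__ == "__main__":
    flagged, hits = analyze(SAMPLE_LOG)
    for ip, users in flagged.items():
        print(f"spray from {ip}: {len(users)} accounts tried: {sorted(users)}")
    for user, ip in hits:
        print(f"probable compromise: {user} signed in from {ip} without MFA")
```

In the constructed data the source `203.0.113.7` touches six accounts in under a minute and lands one success on an account without MFA, so it is flagged and `frank` is reported; `198.51.100.5` hammers a single account and is left to a per-account lockout rule, and the MFA-protected sign-in from `192.0.2.9` is not reported. The thresholds are assumptions and should be tuned to the tenant's normal sign-in volume.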

Bigger impact

The Russian attack took place in late November 2023 and targeted Microsoft’s corporate leadership, among others. However, the hackers also managed to capture the emails of senior members of the US government. Now, it appears that Midnight Blizzard targeted more organizations, even though we don’t know who was hit.

It has been known since Friday, however, that Midnight Blizzard remains on the prowl. In late June, for example, it compromised the German remote access software provider TeamViewer. This company’s software may offer the Russian state hackers another attack vector if compromised.

Midnight Blizzard will be hoping for a repeat of the SolarWinds hack from 2020. Back then, this Russia-affiliated group compromised SolarWinds’ software and stole a treasure trove of data from U.S. government agencies and companies. There were also victims in seven other countries.

Microsoft hopes to regain trust

Affected customers can access the stolen emails through a secure custom interface, Bloomberg reports. An employee asked on Reddit last week whether the Microsoft email might have been a phishing attempt. The tech giant’s support team confirmed that the message was authentic, but the Reddit user states that the email actually “reads exactly like the kind of phishing emails we tell staff not to engage with.”

This is an accurate assessment of the state of modern phishing emails, which are easy to confuse with authentic messages nowadays. Microsoft itself can’t really be blamed for this state of affairs, and such a warning to customers inherently breaks from the pattern of its regular, recognizable emails. The company has pledged to significantly ramp up its security practices and to prioritize security over adding new features. Regaining trust will take time and depends largely on dealing with previous hacks appropriately.

These customers were compromised by Midnight Blizzard eight months ago, but Microsoft evidently took its time to be sure of its case before coming out with reports about it. Indeed, in another large-scale incident in which Chinese hackers penetrated Microsoft, the company proved to be overly trigger-happy when it came to sharing details. Some of those details later turned out to be wrong, which Microsoft took a long time to correct. This is something the U.S. Cyber Safety Review Board strongly criticized, describing Microsoft’s compromise by Chinese hackers as a “cascade of errors”.
