
Microsoft Breach: Russian Hackers Exploit Weak Password, Expose Sensitive Data.

Microsoft disclosed a security breach where Russian state-backed hackers, identified as Midnight Blizzard, exploited a weak password on the corporate network. The attackers utilized a password spray attack, targeting a legacy non-production test tenant account with no two-factor authentication (2FA). This allowed them to access a small percentage of Microsoft corporate email accounts, including those of senior executives, cybersecurity, and legal team members. The breach began in late November 2023, but Microsoft only detected it on January 12, raising concerns about potentially two months of uninterrupted access.

The compromised test account, configured inexplicably with extensive permissions, enabled the hackers to pivot and reach highly sensitive employee accounts. Questions arise about why such privileges were granted and not revoked after the testing phase ended. The incident highlights a lapse in basic security hygiene.

Microsoft clarified that there is no evidence of Midnight Blizzard accessing customer environments, production systems, source code, or AI systems. However, skepticism persists among researchers, with concerns about the susceptibility of Microsoft 365 services to similar attack techniques.

Former Microsoft cybersecurity expert Kevin Beaumont emphasized the need for Microsoft to undergo significant technical and cultural transformations, moving away from traditional practices and embracing radical changes to rebuild trust. The incident underscores the importance of robust security measures, including 2FA, and diligent account management to thwart cyber threats.
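
A password spray that ends in a sign-in on an account without 2FA, as described above, leaves a recognizable pattern in sign-in logs: one source failing against many accounts with only a try or two each, then a success with no second factor. The detection logic below is an added example, not code from Microsoft or from this article; the log fields, thresholds, IP addresses and account names are constructed assumptions, and it assumes the attempts come from a single source IP.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (time, source IP, account, result, MFA used).
SAMPLE_EVENTS = [
    ("2024-05-01T02:00:05", "203.0.113.7", "alice", "fail", False),
    ("2024-05-01T02:03:10", "203.0.113.7", "bob", "fail", False),
    ("2024-05-01T02:06:40", "203.0.113.7", "carol", "fail", False),
    ("2024-05-01T02:09:15", "203.0.113.7", "dave", "fail", False),
    ("2024-05-01T02:12:30", "203.0.113.7", "erin", "fail", False),
    ("2024-05-01T02:15:45", "203.0.113.7", "legacy-test", "success", False),
    # Benign: one user mistyping a password, then signing in with MFA.
    ("2024-05-01T09:01:00", "198.51.100.20", "frank", "fail", False),
    ("2024-05-01T09:01:20", "198.51.100.20", "frank", "fail", False),
    ("2024-05-01T09:01:50", "198.51.100.20", "frank", "success", True),
]

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Flag sources that fail against many accounts with few tries each,
    and list accounts that then signed in from that source without MFA."""
    by_src = defaultdict(list)
    for ts, src, user, result, mfa in events:
        by_src[src].append((datetime.fromisoformat(ts), user, result, mfa))
    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        fails = [(t, u) for t, u, r, _ in rows if r == "fail"]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it spans at most `window` of failures.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, u in fails[start:end + 1]:
                per_user[u] += 1
            # Spray shape: many distinct accounts, low count per account.
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account):
                spray_start = fails[start][0]
                hits = sorted({u for t, u, r, mfa in rows
                               if r == "success" and not mfa and t >= spray_start})
                findings[src] = {"accounts_tried": len({u for _, u in fails}),
                                 "no_mfa_success": hits}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_EVENTS))
```

Any account that appears under `no_mfa_success` is the first one to review for enforced 2FA and for permissions that outlived their purpose.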
