Compromise · severity: High · 2024-01-19

Midnight Blizzard intrusion into Microsoft corporate email

published by Microsoft Security Response Center
Actor
APT29 · RU · Russia · APT

Russian state-sponsored intrusion set publicly attributed to the SVR. Long history of espionage operations against Western government, diplomatic, think tank, and technology targets, including the So…

Summary

Microsoft disclosed that Midnight Blizzard (APT29) compromised a legacy non-production test tenant via password spray, then pivoted to access a small number of Microsoft corporate email accounts, including members of the senior leadership team and cybersecurity / legal staff.

Tags

password-spray · oauth · email

Primary source

msrc.microsoft.com
