Microsoft’s security team detected a cyberattack in January of 2024. The attack was spotted within corporate email systems, activating an immediate response process, and the source of this cyberattack was identified as the Russian state-sponsored threat actor, Midnight Blizzard. Evidence suggests that Midnight Blizzard is utilizing data gathered from the corporate email system in order to try and gain unauthorized access to the organization’s internal systems, source code repositories and more.
“It’s worth noting that this exploit originates with the same basic credentials compromises that we see in nearly all attacks of this nature. Once the attacker has inappropriate access, a whole host of additional malicious activity becomes possible. Stronger authentication methods, including PKI-based authentication, are our single most powerful defense against these breaches.”