Microsoft has disclosed the detection of a nation-state attack on its corporate systems by the Russian state-sponsored hacker group Nobelium, the same group responsible for the SolarWinds attack. The intrusion, discovered in late November 2023, involved a password spray attack targeting a legacy non-production test tenant account.
The hackers gained access to a small percentage of Microsoft corporate email accounts, including those of senior leadership, cybersecurity, legal, and other functions. Some emails and attached documents were exfiltrated during the breach. Microsoft emphasized that the attack was not due to a vulnerability in its products or services, and there is no evidence of access to customer environments, production systems, source code, or AI systems.
The incident comes on the heels of Microsoft’s recent announcement to revamp its software security following major Azure cloud attacks. Despite this breach, Microsoft assures customers that they have not been impacted, and the company is implementing significant changes to its security approach.