The technology company Microsoft assured that it was attacked by a Russian state-sponsored actor, but stated that there is no evidence that this affects “customers,” the production system, the source code, or the artificial intelligence systems”.
“The Microsoft security team detected a nation-state attack on our corporate system on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny further access to the threat actor,” they explained in a statement shared by the company itself.
On the same note, they added that “Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.”. “As part of our continued commitment to responsible transparency, as recently expressed in our Secure Future Initiative (SFI), we are sharing this update,” they added.
Also, they reported that the attack started in November 2023 and that its purpose was to access employees’ emails to get information. “We are in the process of notifying employees whose email was accessed,” they said.
“The attack was not the result of a vulnerability in Microsoft products or services. Currently, there is no evidence that the threat actor has access to customer environments, production systems, source code, or artificial intelligence systems,” they added.
With this attack, Microsoft stated, it “highlights the ongoing risk that well-resourced nation-state threat actors like Midnight Blizzard pose to all organizations.”
“We are continuing our investigation, will take further actions based on the results of this investigation, and will continue to work with the appropriate authorities and regulators,” they concluded.