Microsoft's Battle with Russian Hackers Continues as Customers Are Alerted to Midnight Blizzard Email Theft

The fallout from the Russian government's hack of Microsoft's corporate infrastructure is far from over. Microsoft has begun notifying customers that their emails were compromised by the Midnight Blizzard hackers, extending the breach's impact beyond the initial corporate infiltration.
In response to the breach, Microsoft's incident response team has created a secure portal where affected customers can view details of the stolen emails. In a statement, Microsoft explained, "You are receiving this notification because emails were exchanged between Microsoft and accounts in your organization, and those emails were accessed by the threat actor Midnight Blizzard as part of their cyber-attack on Microsoft."
Microsoft emphasized its commitment to transparency, stating, "We are proactively sharing these emails. We have custom-built a secure system to enable the approved members of your organization to review the exfiltrated emails between Microsoft and your company."
Earlier this year, Microsoft described the incident as an "ongoing attack" and warned that the Midnight Blizzard hacking group was "still attempting to use secrets of different types that were shared between customers and Microsoft in email in additional attacks." The company has been reaching out to affected customers to assist them in implementing mitigating measures, indicating that the hackers may be using the stolen information to identify new targets.
The full extent of the incident is still uncertain, but customers have shared screenshots of Microsoft's notifications on social media, highlighting the breach's widespread impact. Midnight Blizzard, also known as Nobelium, APT29, and Cozy Bear, is the same group responsible for the 2020 SolarWinds attack, a massive supply chain breach that affected numerous organizations.
As the situation develops, the incident serves as a stark reminder of the ongoing threats posed by state-sponsored cyber-attacks and the importance of robust security measures.