The Russian hacker group Midnight Blizzard is attacking Microsoft again and infiltrating several email accounts of high-ranking executives.

According to Microsoft, Russian criminals linked to Midnight Blizzard may have infiltrated the email accounts of high-ranking executives as early as November. The attack was discovered on January 12th and members of Midnight Blizzard were denied access on January 13th. The impact of this attack is currently being investigated. Microsoft confirmed a few years ago that the same group was behind the major SolarWinds attack in 2020.

Midnight storm

Midnight Blizzard, a Russian hacker group, is sponsored by the Russian state and was formerly known as Nobelium. Microsoft has previously addressed this Russian hacking group and emphasizes the risks of groups like Midnight Blizzard. In August last year, the same group carried out a phishing attack on Microsoft Teams chats, and in 2020, SolarWinds fell victim to a major cyberattack.

Now the email accounts of Microsoft employees have been targeted. The Russian group reportedly had access to a minimal percentage of senior executives’ email accounts since November. The attack was discovered on January 12th and members of Midnight Blizzard were denied access on January 13th. According to Microsoft, this email account infiltration is not due to vulnerabilities in Microsoft products or services.

Injury

The Russian hackers used the so-called “Password spray attack“. They tried a series of regular passwords for outdated accounts and then used them for current email accounts. Microsoft suspects that the hackers were looking for information related to Midnight Blizzard itself. The analysis and impact of the attack, as well as the exact information they collected, are currently being investigated.