Microsoft says more customer emails accessed by Russian hackers - media


Microsoft said on Thursday that a Kremlin-backed hacker group, responsible for the January breach of the company’s internal systems, gained access to more customer emails than originally revealed, Bloomberg News first reported.

A Microsoft spokesperson told the news outlet it was now in the process of informing further customers that their emails had been accessed by the Russian nation-state hacker group Midnight Blizzard.

In addition, previously notified customers will be given detailed information about what types of information have been accessed by the group, the spokesperson told the outlet.

"This is increased detail for customers who have already been notified and also includes new notifications," the spokesperson said in an emailed statement. "We’re committed to sharing information with our customers as our investigation continues."

The tech giant first disclosed the Midnight Blizzard breach in a January 19th filing with the US Securities and Exchange Commission.

The hackers were found to have accessed stolen emails from the company’s senior leadership team, as well as from cybersecurity and legal department employees, and had been attempting to contact Microsoft customers using the stolen credentials.

The US Cybersecurity and Infrastructure Security Agency (CISA) had issued an emergency directive to federal agencies in April, after further investigations by Microsoft found its US government Azure clients were also being actively targeted.

CISA did not disclose the names or number of US government agencies whose emails were compromised at the time.

Microsoft had revealed the hackers were able to get into its corporate systems months earlier using a technique called password spraying – a brute-force tactic in which threat actors try the same common or default passwords across many user accounts.

Midnight Blizzard, otherwise known in the security world as the Russian state-sponsored actor Nobelium, APT29, or Cozy Bear, was also responsible for the SolarWinds hack that wreaked havoc on US government installations in 2020.

Last February, the state-sponsored threat actors were said to be behind a phishing campaign targeting EU government agencies giving aid to Ukraine, according to research by BlackBerry.

Microsoft also did not say which corporate customers, then or now, have been made vulnerable by the breach.