Joystiq
Joystiq News
An had further implications than initially reported. The tech giant is notifying additional individuals that emails between them and Microsoft were accessed, . A group known as Midnight Blizzard or Nobelium orchestrated this attack, along with the 2020 SolarWinds hack. The US government has previously linked Midnight Blizzard to the Russian Foreign Intelligence Service.
Microsoft previously informed some individuals that their emails were viewed, but the company is now sharing specifics. "This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the threat actor, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson stated. "This is increased detail for customers who have already been notified and also includes new notifications." Microsoft is making customers aware via email, which initially led to concerns that the notification was a .
Microsoft first disclosed the hack in January, stating that a password spray attack gained the group access to "a very small percentage of Microsoft corporate email accounts" in late 2023. Employees with compromised emails included members of the senior leadership, cybersecurity and legal teams.
At the time, Microsoft said vulnerabilities in its systems were not to blame for the attack but that it would be improving security. However, the US government has brought the heat against Microsoft, with a March report from the finding the company's "security culture was and requires an overhaul." In April, the (CISA) issued an order requiring federal agencies to analyze hacked emails and secure Microsoft cloud accounts, among other measures. CISA notified all impacted agencies and required them to provide regular updates on the steps taken to thwart this "grave and unacceptable risk."
This article originally appeared on Engadget at
Console Bang News!
Microsoft previously informed some individuals that their emails were viewed, but the company is now sharing specifics. "This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the threat actor, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson stated. "This is increased detail for customers who have already been notified and also includes new notifications." Microsoft is making customers aware via email, which initially led to concerns that the notification was a .
Microsoft first disclosed the hack in January, stating that a password spray attack gained the group access to "a very small percentage of Microsoft corporate email accounts" in late 2023. Employees with compromised emails included members of the senior leadership, cybersecurity and legal teams.
At the time, Microsoft said vulnerabilities in its systems were not to blame for the attack but that it would be improving security. However, the US government has brought the heat against Microsoft, with a March report from the finding the company's "security culture was and requires an overhaul." In April, the (CISA) issued an order requiring federal agencies to analyze hacked emails and secure Microsoft cloud accounts, among other measures. CISA notified all impacted agencies and required them to provide regular updates on the steps taken to thwart this "grave and unacceptable risk."
This article originally appeared on Engadget at
Console Bang News!