And speaking of Microsoft, Microsoft announced that some of its corporate e-mails were exfiltrated by the Russia-sponsored attack group known as “Midnight Blizzard.” Microsoft detected the attacks, which started in late November 2023, on January 12, 2024. The hackers initially targeted Microsoft employees tracking Russian hackers before gaining access to the email accounts of senior leadership and legal teams. Microsoft discovered the hack last week and does not believe customers or products were affected. Microsoft is taking immediate action to enhance security measures and cooperate with law enforcement and regulators. Midnight Blizzard was also responsible for the SolarWinds hack.
Why do we care?
It does appear that some of the cause here is good old-fashioned human error, and there’s some comfort in knowing even large, technologically advanced companies like Microsoft are vulnerable to sophisticated cyberattacks. The insight is pretty basic – this is a continual, ongoing effort.