A group of Russian hackers that broke into Microsoft’s systems to spy on staff emails also stole emails from customers, Microsoft said on Thursday (27 June).
Microsoft provided its affected customers with updates regarding the Russian cyberattack that initially occurred in late November 2023.
Go deeper with GlobalData
Earlier this year, Microsoft revealed that the notorious Russian hacking group known as NOBELIUM, or Midnight Blizzard, had accessed its employees’ email correspondence.
However, the hacking group also infiltrated private email correspondence of Microsoft’s customers.
A Microsoft spokesperson told Verdict that the company were continuing notifications to customers “who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor”.
“We are providing the customers the email correspondence that was accessed by this actor,” the spokesperson said. “This is increased detail for customers who have already been notified and also includes new notifications.”
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData“As we said previously, we’re committed to sharing information with our customers as our investigation continues,” the spokesperson added.
In April, the US cybersecurity watchdog said Russian hackers had used Microsoft’s email system to steal communication between the company and government officials.
The US Cybersecurity and Infrastructure Security Agency said that hackers were breaking into Microsoft’s customer systems by exploiting authentication details shared by email.
According to the watchdog, an unspecified number of government agencies had their correspondence compromised by the hackers.
The announcement followed Microsoft stating that it was working to combat the Russian hackers and their mission.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorised access,” Microsoft said at the time.
In 2020, the same hacking group breached US agency emails, which went undetected for months. The group reportedly gained access to unclassified email correspondence from US intelligence agencies.
The cybersecurity market is forecasted to be worth $334.66bn by 2026, according to GlobalData’s Cybersecurity Market Report.
