msrc.microsoft.com Open in urlscan Pro
2620:1ec:bdf::45  Public Scan

URL: https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Submission: On June 28 via manual from CZ — Scanned from DE

Form analysis 3 forms found in the DOM

Name: searchFormGET https://www.microsoft.com/en-us/search/explore

<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/search/explore" method="GET"
  data-seautosuggest="{&quot;queryParams&quot;:{&quot;market&quot;:&quot;en-us&quot;,&quot;clientId&quot;:&quot;7F27B536-CF6B-4C65-8638-A0F8CBDFCA65&quot;,&quot;sources&quot;:&quot;Iris-Products,DCatAll-Products,Microsoft-Terms&quot;,&quot;filter&quot;:&quot;+ClientType:StoreWeb&quot;,&quot;counts&quot;:&quot;1,5,5&quot;},&quot;familyNames&quot;:{&quot;Apps&quot;:&quot;App&quot;,&quot;Books&quot;:&quot;Book&quot;,&quot;Bundles&quot;:&quot;Bundle&quot;,&quot;Devices&quot;:&quot;Device&quot;,&quot;Fees&quot;:&quot;Fee&quot;,&quot;Games&quot;:&quot;Game&quot;,&quot;MusicAlbums&quot;:&quot;Album&quot;,&quot;MusicTracks&quot;:&quot;Song&quot;,&quot;MusicVideos&quot;:&quot;Video&quot;,&quot;MusicArtists&quot;:&quot;Artist&quot;,&quot;OperatingSystem&quot;:&quot;Operating System&quot;,&quot;Software&quot;:&quot;Software&quot;,&quot;Movies&quot;:&quot;Movie&quot;,&quot;TV&quot;:&quot;TV&quot;,&quot;CSV&quot;:&quot;Gift Card&quot;,&quot;VideoActor&quot;:&quot;Actor&quot;}}"
  data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
  data-m="{&quot;cN&quot;:&quot;GlobalNav_Search_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c1c9c2m1r1a1&quot;}" aria-expanded="false">
  <input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
    name="q" role="combobox" placeholder="Search Microsoft.com" data-m="{&quot;cN&quot;:&quot;SearchBox_nav&quot;,&quot;id&quot;:&quot;n1c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:1,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}" data-toggle="tooltip"
    data-placement="right" title="Search Microsoft.com">
  <button id="search" aria-label="Search Microsoft.com" class="c-glyph" data-m="{&quot;cN&quot;:&quot;Search_nav&quot;,&quot;id&quot;:&quot;n2c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:2,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}" data-bi-mto="true"
    aria-expanded="false" disabled="disabled">
    <span role="presentation">Search</span>
    <span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip">Search Microsoft.com</span>
  </button>
  <div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group">
    <ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
      data-m="{&quot;cN&quot;:&quot;search suggestions_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}">
    </ul>
    <ul class="c-menu f-auto-suggest-no-results" aria-hidden="true" data-js-auto-suggest-postion="default" data-js-auto-suggest-position="default" role="listbox">
      <li class="c-menu-item">
        <span tabindex="-1">No results</span>
      </li>
    </ul>
  </div>
</form>

POST

<form action="" method="post" id="feedback-form">
  <fieldset>
    <legend class="text-white h5"> Feedback <span id="required-label-star">
        <span class="required-star">*</span>
        <span class="csat-visually-hidden">(required)</span>
      </span>
    </legend>
    <p> Your detailed feedback helps us improve your experience. Please enter between 10 and 2,000 characters. </p>
    <div>
      <textarea class="w-100" rows="5" cols="60" name="text" placeholder="Enter your feedback here." required="" minlength="10" maxlength="2000" id="csat-feedback-form" aria-required="true"></textarea>
    </div>
    <button class="btn btn-primary mt-2" type="submit" id="csat-submit-button"> Send feedback </button>
  </fieldset>
</form>

GET /blog/search/

<form action="/blog/search/" method="GET" role="search">
  <div class="input-group">
    <input class="form-control border-right-0" type="search" name="query" id="search-query" placeholder="Search blog posts">
    <div class="input-group-append">
      <button class="btn glyph-append glyph-append-search border-left-0 pl-2 border-neutral-400 bg-body" type="submit" aria-label="Search"></button>
    </div>
  </div>
</form>

Text Content

Skip to main content
Microsoft
MSRC
MSRC
MSRC
 * Home
 * Report an issue
    * Report Security Vulnerability
    * Report Abuse
    * Report Infringement
    * Submission FAQs

 * Customer guidance
    * Security Update Guide
    * Exploitability index
    * Developer API documentation
    * Frequently Asked Questions
    * Technical Security Notifications

 * Engage
    * Microsoft Bug Bounty Programs
    * Microsoft Active Protections Program
    * BlueHat Security Conference
    * Researcher Recognition Program
    * Windows Security Servicing Criteria

 * Who we are
    * Mission
    * Cyber Defense Operations Center
    * Coordinated Vulnerability Disclosure
    * Social

 * Blogs
    * Microsoft Security Response Center
    * Security Research &Defense
    * BlueHat Conference Blog

 * Acknowledgments
    * Security Researcher Acknowledgments
    * Online Services Researcher Acknowledgments
    * Security Researcher Leaderboard

 * More

 * All Microsoft
   
   
    * GLOBAL
      
      * Microsoft 365
      * Teams
      * Copilot
      * Windows
      * Surface
      * Xbox
      * Deals
      * Small Business
      * Support
    * Software Software
      * Windows Apps
      * AI
      * Outlook
      * OneDrive
      * Microsoft Teams
      * OneNote
      * Microsoft Edge
      * Skype
    * PCs &Devices PCs &Devices
      * Computers
      * Shop Xbox
      * Accessories
      * VR &mixed reality
      * Certified Refurbished
      * Trade-in for cash
    * Entertainment Entertainment
      * Xbox Game Pass Ultimate
      * PC Game Pass
      * Xbox games
      * PC and Windows games
      * Movies &TV
    * Business Business
      * Microsoft Cloud
      * Microsoft Security
      * Dynamics 365
      * Microsoft 365 for business
      * Microsoft Power Platform
      * Windows 365
      * Microsoft Industry
      * Small Business
    * Developer &IT Developer &IT
      * Azure
      * Developer Center
      * Documentation
      * Microsoft Learn
      * Microsoft Tech Community
      * Azure Marketplace
      * AppSource
      * Visual Studio
    * Other Other
      * Microsoft Rewards
      * Free downloads &security
      * Education
      * Gift cards
      * Holiday gifts
      * Licensing
      * Unlocked stories
    * View Sitemap

Search Search Microsoft.com
 * No results

Cancel

 * blog
 * 2024
 * 03
 * update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/


UPDATE ON MICROSOFT ACTIONS FOLLOWING ATTACK BY NATION STATE ACTOR MIDNIGHT
BLIZZARD

MSRC
/ By MSRC / March 08, 2024 / 2 min read

This blog provides an update on the nation-state attack that was detected by the
Microsoft Security Team on January 12, 2024. As we shared, on January 19, the
security team detected this attack on our corporate email systems and
immediately activated our response process. The Microsoft Threat Intelligence
investigation identified the threat actor as Midnight Blizzard, the Russian
state-sponsored actor also known as NOBELIUM.  

As we said at that time, our investigation was ongoing, and we would provide
additional details as appropriate. 

In recent weeks, we have seen evidence that Midnight Blizzard is using
information initially exfiltrated from our corporate email systems to gain, or
attempt to gain, unauthorized access. This has included access to some of the
company’s source code repositories and internal systems. To date we have found
no evidence that Microsoft-hosted customer-facing systems have been
compromised. 

It is apparent that Midnight Blizzard is attempting to use secrets of different
types it has found. Some of these secrets were shared between customers and
Microsoft in email, and as we discover them in our exfiltrated email, we have
been and are reaching out to these customers to assist them in taking mitigating
measures. Midnight Blizzard has increased the volume of some aspects of the
attack, such as password sprays, by as much as 10-fold in February, compared to
the already large volume we saw in January 2024. 

Midnight Blizzard’s ongoing attack is characterized by a sustained, significant
commitment of the threat actor’s resources, coordination, and focus. It may be
using the information it has obtained to accumulate a picture of areas to attack
and enhance its ability to do so. This reflects what has become more broadly an
unprecedented global threat landscape, especially in terms of sophisticated
nation-state attacks.  

Across Microsoft, we have increased our security investments, cross-enterprise
coordination and mobilization, and have enhanced our ability to defend ourselves
and secure and harden our environment against this advanced persistent threat.
We have and will continue to put in place additional enhanced security controls,
detections, and monitoring. 

Our active investigations of Midnight Blizzard activities are ongoing, and
findings of our investigations will continue to evolve. We remain committed to
sharing what we learn.

 * Attack

--------------------------------------------------------------------------------

Previous Post
Next Post


RELATED POSTS

 * Microsoft addresses App Installer abuse
 * Microsoft Response to Distributed Denial of Service (DDoS) Attacks against
   HTTP/2
 * Announcing the Microsoft Machine Learning Membership Inference Competition
   (MICO)


HOW SATISFIED ARE YOU WITH THE MSRC BLOG?

RATING

Broken
Bad
Below average
Average
Great
Feedback * (required)

Your detailed feedback helps us improve your experience. Please enter between 10
and 2,000 characters.


Send feedback

THANK YOU FOR YOUR FEEDBACK!

We'll review your input and work on improving the site.


Subscribe


CATEGORIES

 * MSRC (1070)
 * Japan Security Team (1033)
 * Security Research & Defense (380)
 * BlueHat (190)
 * Bug Bounty Programs (7)
 * Microsoft Threat Hunting (5)


TAGS

 * セキュリティ情報 (465)
 * 脆弱性 (248)
 * アドバイザリ (179)
 * Internet Explorer (IE) (156)
 * Security Update (140)
 * Security Advisory (135)
 * Security Bulletin (133)
 * Mitigations (128)
 * Community-based Defense (110)
 * セキュリティ更新 (109)
 * View all Tags


RECENT POSTS

 * Toward greater transparency: Unveiling Cloud Service CVEs
 * Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning
 * Improved Guidance for Azure Network Service Tags
 * Congratulations to the Top MSRC 2024 Q1 Security Researchers! 
 * Toward greater transparency: Adopting the CWE standard for Microsoft CVEs


ARCHIVES

 * June 2024 (6)
 * May 2024 (1)
 * April 2024 (5)
 * March 2024 (3)
 * February 2024 (8)
 * View full Archive

What 's new
 * Surface Laptop Studio 2
 * Surface Laptop Go 3
 * Surface Pro 9
 * Surface Laptop 5
 * Surface Studio 2+
 * Copilot in Windows
 * Microsoft 365
 * Windows 11 apps

Microsoft Store
 * Account profile
 * Download Center
 * Microsoft Store support
 * Returns
 * Order tracking
 * Certified Refurbished
 * Microsoft Store Promise
 * Flexible Payments

Education
 * Microsoft in education
 * Devices for education
 * Microsoft Teams for Education
 * Microsoft 365 Education
 * How to buy for your school
 * Educator training and development
 * Deals for students and parents
 * Azure for students

Business
 * Microsoft Cloud
 * Microsoft Security
 * Dynamics 365
 * Microsoft 365
 * Microsoft Power Platform
 * Microsoft Teams
 * Microsoft Industry
 * Small Business

Developer &IT
 * Azure
 * Developer Center
 * Documentation
 * Microsoft Learn
 * Microsoft Tech Community
 * Azure Marketplace
 * AppSource
 * Visual Studio

Company
 * Careers
 * About Microsoft
 * Company news
 * Privacy at Microsoft
 * Investors
 * Diversity and inclusion
 * Accessibility
 * Sustainability

English (United States) California Consumer Privacy Act (CCPA) Opt-Out Icon Your
Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon Your Privacy
Choices
 * Sitemap
 * Contact Microsoft
 * Privacy
 * Manage cookies
 * Terms of use
 * Trademarks
 * Safety &eco
 * Recycling
 * About our ads
 * ©Microsoft 2024