msrc.microsoft.com
Open in
urlscan Pro
2620:1ec:bdf::45
Public Scan
URL:
https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Submission: On June 28 via manual from CZ — Scanned from DE
Submission: On June 28 via manual from CZ — Scanned from DE
Form analysis
3 forms found in the DOMName: searchForm — GET https://www.microsoft.com/en-us/search/explore
<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/search/explore" method="GET"
data-seautosuggest="{"queryParams":{"market":"en-us","clientId":"7F27B536-CF6B-4C65-8638-A0F8CBDFCA65","sources":"Iris-Products,DCatAll-Products,Microsoft-Terms","filter":"+ClientType:StoreWeb","counts":"1,5,5"},"familyNames":{"Apps":"App","Books":"Book","Bundles":"Bundle","Devices":"Device","Fees":"Fee","Games":"Game","MusicAlbums":"Album","MusicTracks":"Song","MusicVideos":"Video","MusicArtists":"Artist","OperatingSystem":"Operating System","Software":"Software","Movies":"Movie","TV":"TV","CSV":"Gift Card","VideoActor":"Actor"}}"
data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
data-m="{"cN":"GlobalNav_Search_cont","cT":"Container","id":"c3c1c9c2m1r1a1","sN":3,"aN":"c1c9c2m1r1a1"}" aria-expanded="false">
<input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
name="q" role="combobox" placeholder="Search Microsoft.com" data-m="{"cN":"SearchBox_nav","id":"n1c3c1c9c2m1r1a1","sN":1,"aN":"c3c1c9c2m1r1a1"}" data-toggle="tooltip"
data-placement="right" title="Search Microsoft.com">
<button id="search" aria-label="Search Microsoft.com" class="c-glyph" data-m="{"cN":"Search_nav","id":"n2c3c1c9c2m1r1a1","sN":2,"aN":"c3c1c9c2m1r1a1"}" data-bi-mto="true"
aria-expanded="false" disabled="disabled">
<span role="presentation">Search</span>
<span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip">Search Microsoft.com</span>
</button>
<div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group">
<ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
data-m="{"cN":"search suggestions_cont","cT":"Container","id":"c3c3c1c9c2m1r1a1","sN":3,"aN":"c3c1c9c2m1r1a1"}">
</ul>
<ul class="c-menu f-auto-suggest-no-results" aria-hidden="true" data-js-auto-suggest-postion="default" data-js-auto-suggest-position="default" role="listbox">
<li class="c-menu-item">
<span tabindex="-1">No results</span>
</li>
</ul>
</div>
</form>
POST
<form action="" method="post" id="feedback-form">
<fieldset>
<legend class="text-white h5"> Feedback <span id="required-label-star">
<span class="required-star">*</span>
<span class="csat-visually-hidden">(required)</span>
</span>
</legend>
<p> Your detailed feedback helps us improve your experience. Please enter between 10 and 2,000 characters. </p>
<div>
<textarea class="w-100" rows="5" cols="60" name="text" placeholder="Enter your feedback here." required="" minlength="10" maxlength="2000" id="csat-feedback-form" aria-required="true"></textarea>
</div>
<button class="btn btn-primary mt-2" type="submit" id="csat-submit-button"> Send feedback </button>
</fieldset>
</form>
GET /blog/search/
<form action="/blog/search/" method="GET" role="search">
<div class="input-group">
<input class="form-control border-right-0" type="search" name="query" id="search-query" placeholder="Search blog posts">
<div class="input-group-append">
<button class="btn glyph-append glyph-append-search border-left-0 pl-2 border-neutral-400 bg-body" type="submit" aria-label="Search"></button>
</div>
</div>
</form>
Text Content
Skip to main content Microsoft MSRC MSRC MSRC * Home * Report an issue * Report Security Vulnerability * Report Abuse * Report Infringement * Submission FAQs * Customer guidance * Security Update Guide * Exploitability index * Developer API documentation * Frequently Asked Questions * Technical Security Notifications * Engage * Microsoft Bug Bounty Programs * Microsoft Active Protections Program * BlueHat Security Conference * Researcher Recognition Program * Windows Security Servicing Criteria * Who we are * Mission * Cyber Defense Operations Center * Coordinated Vulnerability Disclosure * Social * Blogs * Microsoft Security Response Center * Security Research &Defense * BlueHat Conference Blog * Acknowledgments * Security Researcher Acknowledgments * Online Services Researcher Acknowledgments * Security Researcher Leaderboard * More * All Microsoft * GLOBAL * Microsoft 365 * Teams * Copilot * Windows * Surface * Xbox * Deals * Small Business * Support * Software Software * Windows Apps * AI * Outlook * OneDrive * Microsoft Teams * OneNote * Microsoft Edge * Skype * PCs &Devices PCs &Devices * Computers * Shop Xbox * Accessories * VR &mixed reality * Certified Refurbished * Trade-in for cash * Entertainment Entertainment * Xbox Game Pass Ultimate * PC Game Pass * Xbox games * PC and Windows games * Movies &TV * Business Business * Microsoft Cloud * Microsoft Security * Dynamics 365 * Microsoft 365 for business * Microsoft Power Platform * Windows 365 * Microsoft Industry * Small Business * Developer &IT Developer &IT * Azure * Developer Center * Documentation * Microsoft Learn * Microsoft Tech Community * Azure Marketplace * AppSource * Visual Studio * Other Other * Microsoft Rewards * Free downloads &security * Education * Gift cards * Holiday gifts * Licensing * Unlocked stories * View Sitemap Search Search Microsoft.com * No results Cancel * blog * 2024 * 03 * update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ UPDATE ON MICROSOFT ACTIONS FOLLOWING ATTACK BY NATION STATE ACTOR MIDNIGHT BLIZZARD MSRC / By MSRC / March 08, 2024 / 2 min read This blog provides an update on the nation-state attack that was detected by the Microsoft Security Team on January 12, 2024. As we shared, on January 19, the security team detected this attack on our corporate email systems and immediately activated our response process. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM. As we said at that time, our investigation was ongoing, and we would provide additional details as appropriate. In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised. It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024. Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks. Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat. We have and will continue to put in place additional enhanced security controls, detections, and monitoring. Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve. We remain committed to sharing what we learn. * Attack -------------------------------------------------------------------------------- Previous Post Next Post RELATED POSTS * Microsoft addresses App Installer abuse * Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 * Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) HOW SATISFIED ARE YOU WITH THE MSRC BLOG? RATING Broken Bad Below average Average Great Feedback * (required) Your detailed feedback helps us improve your experience. Please enter between 10 and 2,000 characters. Send feedback THANK YOU FOR YOUR FEEDBACK! We'll review your input and work on improving the site. Subscribe CATEGORIES * MSRC (1070) * Japan Security Team (1033) * Security Research & Defense (380) * BlueHat (190) * Bug Bounty Programs (7) * Microsoft Threat Hunting (5) TAGS * セキュリティ情報 (465) * 脆弱性 (248) * アドバイザリ (179) * Internet Explorer (IE) (156) * Security Update (140) * Security Advisory (135) * Security Bulletin (133) * Mitigations (128) * Community-based Defense (110) * セキュリティ更新 (109) * View all Tags RECENT POSTS * Toward greater transparency: Unveiling Cloud Service CVEs * Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning * Improved Guidance for Azure Network Service Tags * Congratulations to the Top MSRC 2024 Q1 Security Researchers! * Toward greater transparency: Adopting the CWE standard for Microsoft CVEs ARCHIVES * June 2024 (6) * May 2024 (1) * April 2024 (5) * March 2024 (3) * February 2024 (8) * View full Archive What 's new * Surface Laptop Studio 2 * Surface Laptop Go 3 * Surface Pro 9 * Surface Laptop 5 * Surface Studio 2+ * Copilot in Windows * Microsoft 365 * Windows 11 apps Microsoft Store * Account profile * Download Center * Microsoft Store support * Returns * Order tracking * Certified Refurbished * Microsoft Store Promise * Flexible Payments Education * Microsoft in education * Devices for education * Microsoft Teams for Education * Microsoft 365 Education * How to buy for your school * Educator training and development * Deals for students and parents * Azure for students Business * Microsoft Cloud * Microsoft Security * Dynamics 365 * Microsoft 365 * Microsoft Power Platform * Microsoft Teams * Microsoft Industry * Small Business Developer &IT * Azure * Developer Center * Documentation * Microsoft Learn * Microsoft Tech Community * Azure Marketplace * AppSource * Visual Studio Company * Careers * About Microsoft * Company news * Privacy at Microsoft * Investors * Diversity and inclusion * Accessibility * Sustainability English (United States) California Consumer Privacy Act (CCPA) Opt-Out Icon Your Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon Your Privacy Choices * Sitemap * Contact Microsoft * Privacy * Manage cookies * Terms of use * Trademarks * Safety &eco * Recycling * About our ads * ©Microsoft 2024