Microsoft fell victim to a cyberattack by the Russia-backed state-sponsored threat actor Nobelium. They used a basic password-spray attack to breach Microsoft corporate email accounts, including their senior executives. The adversary managed to stay persistent in the cloud infrastructure for more than two months before being discovered. Apparently, the Nobelium attacker was searching around for information Microsoft had on their operation.

Promising a cybersecurity overhaul of their legacy systems, Microsoft announced, "We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes. This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy."

The Nobelium APT has troubled Microsoft and its services before. Last summer, the group launched Teams phishing attacks against government and industrial organizations using compromised Microsoft 365 tenants. Read more about this story on our LinkedIn page