MSFT 8-K — Smart Summary

Microsoft disclosed a material cybersecurity incident in which a nation-state threat actor, identified as Midnight Blizzard (also known as Nobelium, a Russian state-sponsored actor), gained unauthorized access to and exfiltrated information from a very small percentage of Microsoft corporate employee email accounts beginning in late November 2023, with the intrusion detected on January 12, 2024.

• Incident detected by Microsoft security team on January 12, 2024
• Threat actor access began in late November 2023
• Threat actor identified as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium
• Attack method: password spray attack used to compromise a legacy non-production test tenant account
• Threat actor used the compromised account's permissions to access a very small percentage of Microsoft corporate email accounts
• Affected accounts included members of senior leadership team and employees in cybersecurity, legal, and other functions
• Threat actor exfiltrated some emails and attached documents
• Investigation indicates threat actor was initially targeting email accounts for information related to Midnight Blizzard itself
• Microsoft removed the threat actor's access to the email accounts on or about January 13, 2024
• Attack was not the result of a vulnerability in Microsoft products or services
• No evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems
• Microsoft is notifying employees whose email was accessed
• Microsoft has notified and is working with law enforcement
• Microsoft is notifying relevant regulatory authorities with respect to unauthorized access to personal information
• As of the filing date (January 19, 2024), the incident has not had a material impact on the Company's operations
• The Company has not yet determined whether the incident is reasonably likely to materially impact the Company's financial condition or results of operations
• Microsoft posted a blog regarding the incident on January 19, 2024, titled 'Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard'
• Microsoft stated it will immediately apply current security standards to Microsoft-owned legacy systems and internal business processes
• Microsoft referenced its Secure Future Initiative (SFI) announced late 2023 in connection with its response