Microsoft detects nation-state attack on corporate email; exfiltrated data from senior leadership accounts

MICROSOFT CORP

Threat actor Midnight Blizzard (Nobelium) accessed a very small percentage of employee email accounts via password spray on a legacy test tenant.
Exfiltrated emails and attachments from senior leadership, cybersecurity, legal, and other functions; no customer or production system access.
Access discovered Jan 12, 2024; removed Jan 13; investigation ongoing; company cooperating with law enforcement.
Microsoft says incident has not had a material impact on operations; financial impact not yet determined.
Company pledges to accelerate security standards for legacy systems, may cause disruption to existing business processes.

Key facts

Extracted from this filing and checked against the source text.

Cybersecurity Incidents SEC 8-K Item 1.05 confidence 0.95

MICROSOFT CORP disclosed a cybersecurity incident: A nation-state associated threat actor gained access to and exfiltrated information from a very small percentage of employee email accounts, including members of senior leadership and employees in cybersecurity, legal, and other functions. Impact: The incident has not had a material impact on operations; the Company has not yet determined whether it is reasonably likely to materially impact financial condition or results of operations. Materiality is still being assessed. Discovered 2024-01-12.

Nature: A nation-state associated threat actor gained access to and exfiltrated information from a very small percentage of employee email accounts, including members of senior leadership and employees in cybersecurity, legal, and other functions.
Impact: The incident has not had a material impact on operations; the Company has not yet determined whether it is reasonably likely to materially impact financial condition or results of operations.
Materiality: assessing
Discovery: 2024-01-12

Exact text from the filing

On January 12, 2024, Microsoft (the “Company” or “we”) detected that beginning in late November 2023, a nation-state associated threat actor had gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, on the basis of preliminary analysis.

View on SEC.gov

2 cybersecurity incidents filed in the last 30 days. Browse all cybersecurity incidents →

MICROSOFT CORP filing history →

Source: SEC EDGAR

accession 0001193125-24-011295

view filing index on sec.gov

view primary document

Machine-readable: JSON · Markdown · Plain text

This headline and bullets were generated automatically by deepseek-v4-flash:cloud@v2 from the public filing. Read the source on SEC.gov before relying on any specific claim. Not investment advice. See methodology for how this pipeline works.