---
schema_version: "secwatch.filing_event.v1"
accession: "0001193125-24-011295"
form_type: "8-K"
ticker: "MSFT"
cik: "0000789019"
company_name: "MICROSOFT CORP"
filed_at: "2024-01-19T23:59:59+00:00"
generated_at: "2026-06-06T21:37:14.079774+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.75
calibrated_materiality_score: 0.75
confidence: "high"
source: SEC EDGAR
---

# Microsoft detects nation-state attack on corporate email; exfiltrated data from senior leadership accounts

## Summary
- Threat actor Midnight Blizzard (Nobelium) accessed a very small percentage of employee email accounts via password spray on a legacy test tenant.
- Exfiltrated emails and attachments from senior leadership, cybersecurity, legal, and other functions; no customer or production system access.
- Access discovered Jan 12, 2024; removed Jan 13; investigation ongoing; company cooperating with law enforcement.
- Microsoft says incident has not had a material impact on operations; financial impact not yet determined.
- Company pledges to accelerate security standards for legacy systems, which may cause disruption to existing business processes.

## SEC filing metadata
- accession: 0001193125-24-011295
- form_type: 8-K
- ticker: MSFT
- cik: 0000789019
- company_name: MICROSOFT CORP
- filed_at: 2024-01-19T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.75
- calibrated_materiality_score: 0.75
- confidence: high
- sec_items: 1.05, 7.01, 9.01
- EDGAR index: https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/0001193125-24-011295-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/d708866d8k.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0001193125-24-011295
- JSON: https://secwatch.observer/filing/0001193125-24-011295.json
- Plain text: https://secwatch.observer/filing/0001193125-24-011295.txt

## Key facts
- Cybersecurity Incidents
  MICROSOFT CORP disclosed a cybersecurity incident: A nation-state associated threat actor gained access to and exfiltrated information from a very small percentage of employee email accounts, including members of senior leadership and employees in cybersecurity, legal, and other functions. Impact: The incident has not had a material impact on operations; the Company has not yet determined whether it is reasonably likely to materially impact financial condition or results of operations. Materiality is still being assessed. Discovered 2024-01-12.
  - Nature: A nation-state associated threat actor gained access to and exfiltrated information from a very small percentage of employee email accounts, including members of senior leadership and employees in cybersecurity, legal, and other functions.
  - Impact: The incident has not had a material impact on operations; the Company has not yet determined whether it is reasonably likely to materially impact financial condition or results of operations.
  - Materiality: assessing
  - Discovery: 2024-01-12
  source text: On January 12, 2024, Microsoft (the “Company” or “we”) detected that beginning in late November 2023, a nation-state associated threat actor had gained access to and exfiltrated information from a very small percentage of employee email accounts including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, on the basis of preliminary analysis.
  evidence_url: https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/0001193125-24-011295-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.
