Microsoft hack: Five questions enterprises should ask their IT leaders

Software giant Microsoft revealed in mid-January 2024 that its systems were successfully infiltrated at the end of 2023 by Russia-backed hacking group Midnight Blizzard, as part of a coordinated and targeted information-gathering exercise.

Microsoft confirmed the details of the attack in a statement published online on Friday 19 January 2024, in which it revealed that the attack was first detected on 12 January 2024 and that the immediate activation of its internal response processes meant it was able to immediately remove the hackers from its systems.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI [artificial intelligence] systems,” said Microsoft in its statement.

“We will notify customers if any action is required. This attack does highlight the continued risk posed to all organisations from well-resourced nation-state threat actors like Midnight Blizzard.”

And while Microsoft made it clear in its statement that no customer data or services were put at risk during the attack, it did publish a broader warning in its Security Threat Intelligence Blog on 25 January 2024 that stated its investigation into the hack is still ongoing and further details about the impact of the attack may still come to light.

As a result, here are five questions enterprise users of Microsoft’s cloud services should be asking of their CIO, CTO and CISO in the wake of this attack.

  1. Microsoft presents itself as being an intrinsically secure platform – is that still the case?

This is a key question because a company’s risk profile should be under continuous reassessment in any event, and the flurry of recent Microsoft hacks ought to be on its risk radar.

It is not clear how (or even if) Microsoft will be able to 100% guarantee its entire cloud environment is now clean and free from hackers, and it has reported being attacked successfully multiple times by China- and Russia-backed hacking groups.

  2. Are we relying on the same security controls as Microsoft does?

Microsoft disclosed the Midnight Blizzard hackers were inside its systems for up to 42 days before they were…