Microsoft reveals how hackers breached its Exchange Online accounts

On January 12, 2024, Microsoft discovered that Russian hackers breached its systems in November 2023 and stole email from their leadership, cybersecurity, and legal teams.

Microsoft now explains that the threat actors used residential proxies and “Password spraying” brute-force attacks to target a small number of accounts, with one of these accounts being a “Legacy, non-production test tenant account.”

When Microsoft first disclosed the breach, many wondered whether MFA was enabled on this test account and how a test legacy account would have enough privileges to spread laterally to other accounts in the organization.

“Using the information gained from Microsoft’s investigation into Midnight Blizzard, Microsoft Threat Intelligence has identified that the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations,” warns Microsoft in the new update.

In September 2023, it was also revealed that the Chinese Storm-0558 hacking group stole 60,000 emails from U.S. State Department accounts after breaching Microsoft’s cloud-based Exchange email servers earlier that year.

Finally, Microsoft advises using targeted hunting queries in Microsoft Defender XDR and Microsoft Sentinel to identify and investigate suspicious activities.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

A Vumetric expert will contact you to learn more about your cybersecurity needs and goals.

The project's scope will be defined (Target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is sent to you.

This field is for validation purposes and should be left unchanged.


Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)

This site is registered on as a development site. Switch to a production site key to remove this banner.