More Microsoft customers were confirmed to have had their emails with the firm compromised by Russian state-sponsored threat operation Midnight Blizzard, also known as Cozy Bear and APT29, as part of an attack against Microsoft executives' emails disclosed in January that resulted in unauthorized access to correspondences from different organizations, including U.S. government agencies, BNN Bloomberg reports.
Impacted entities have been given a link by Microsoft wherein they could review emails affected by the incident, email notifications revealed. "...[W]e are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor. This is increased detail for customers who have already been notified and also includes new notifications," said a Microsoft spokesperson. Such a development comes amid Microsoft's ongoing efforts to strengthen its security measures following a federal report deriding the firm's lacking security culture.
