In this video we provide a breakdown of the nation-state attack on Microsoft by Russian backed hacking group Midnight Blizzard ( also known as NOBELIUM) that happened between November 2023 and March 2024.

The attack targeted Microsoft's corporate email systems, with evidence showing attempts to gain unauthorized access to source code repositories and internal systems. While no evidence suggests compromise of Microsoft-hosted customer-facing systems, the attackers have escalated certain aspects of the attack, such as password sprays. The video highlights Microsoft's response efforts, including increased security investments, cross-enterprise coordination, and implementation of enhanced security controls and monitoring to defend against this advanced persistent threat. Ongoing investigations into Midnight Blizzard's activities are emphasized, with a commitment to sharing relevant findings with stakeholders.