Enlarge / A PC running Windows 11. (credit: Microsoft)
The most high-profile of these breaches involved a China-based hacking group named Storm-0558, which breached Microsoft’s Azure service and collected data for over a month in mid-2023 before being discovered and driven out. After months of ambiguity, Microsoft disclosed that a series of security failures gave Storm-0558 access to an engineer’s account, which allowed Storm-0558 to collect data from 25 of Microsoft’s Azure customers, including US federal agencies.
In January, Microsoft disclosed that it had been breached again, this time by Russian state-sponsored hacking group Midnight Blizzard. The group was able “to compromise a legacy non-production test tenant account” to gain access to Microsoft’s systems for “as long as two months.”
Read 8 remaining paragraphs | Comments
