Russian Hackers Breach Microsoft and HPE, More Companies Expected to Disclose Cybersecurity Incidents

The hackers, known as Midnight Blizzard, gained access through an account without multi-factor authentication, highlighting the need for stronger cybersecurity measures.

Russian-sponsored hackers, known as Midnight Blizzard or APT29, have breached Microsoft and Hewlett Packard Enterprise (HPE), stealing emails from executives and other sensitive data.
The hackers gained access to Microsoft's network through a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled.
Microsoft has begun notifying other targeted organizations of the breach, indicating that the attack was broader and deeper than initially disclosed.
Microsoft's disclosures have highlighted the need for stronger cybersecurity measures, including the urgent need to enable MFA across all user accounts.
The U.S. Securities and Exchange Commission's strengthened rules requiring companies to disclose cybersecurity incidents have played a role in the recent disclosures by Microsoft and HPE.