Microsoft revealed on Friday that a sophisticated nation-state cyber attack breached email accounts belonging to members of its senior leadership team in late November 2023. The attack was conducted by Nobelium, the same group behind the extensive SolarWinds espionage campaign uncovered nearly three years ago.
According to Microsoft’s Security Response Center, the breach was not the result of a vulnerability in Microsoft products or services. Rather, it started with a password spray attack that allowed the hackers to gain access to a non-production legacy account. They then leveraged the compromised account’s permissions to access a “very small percentage” of corporate email accounts used by Microsoft leaders and employees in cybersecurity, legal, and other functions. The hackers were able to exfiltrate some emails and documents before Microsoft detected the intrusion on January 12th, 2024.
Microsoft stated that the initial goal seemed to be gathering intelligence and information about the company itself, and it is still unclear exactly what or how much data may have been stolen over the weeks or months the attackers had access. As of now, Microsoft says there is no evidence that customer data or production systems were impacted.
The timing of the attack is notable, coming just days after Microsoft announced sweeping changes to its software security practices in response to major breaches of its Azure cloud platform. Over the past few years, Microsoft has found itself at the center of several high-profile cyber incidents – from SolarWinds to exploits in Exchange Server and cloud services that enabled access to thousands of corporate and government email systems.
This latest sophisticated attack, aimed at accessing sensitive information, highlights the growing threat from nation-state actors and their willingness to target technology providers and their leadership. Even with extensive resources and security expertise, Microsoft was unable to detect Nobelium’s presence for over a month. As the company works to revamp its internal security processes, the incident also serves as a sobering reminder that no organization is immune from cyber espionage.
The incident reveals both the increasing sophistication of state-sponsored hacking and the challenges of detecting stealthy, patient attackers focused on quietly stealing confidential information. It remains to be seen whether Nobelium was able to access extremely sensitive strategy, plans or other intellectual property from Microsoft’s senior leaders during its weeks of access.
Microsoft will now need to assess the damage from the breach, determine what may have been taken, and implement enhanced monitoring to spot similar attacks more rapidly. However, the complexity of detecting and rooting out intruders that have already established a foothold presents major hurdles – even for the world’s largest software company.
