Microsoft Midnight Blizzard Breach (2024)

# Microsoft Midnight Blizzard Breach (2024) ## Overview In January 2024, Microsoft disclosed that APT29, the Russian Foreign Intelligence Service (SVR) hacking unit tracked under the name Midnight Blizzard, had breached the email accounts of senior Microsoft executives.

Threat IntelligenceTIDThreatIATIdentityIntermediateCONFIDENTIAL2,258 words10 min readApr 7, 2026

Last updated Apr 11, 2026

CLASSIFICATION: CONFIDENTIAL

This article requires CONFIDENTIAL clearance or higher.

What you need

Create a free Nexus ID to access CDA proprietary content including PDM domain explainers, methodology deep-dives, and reconnaissance mission briefings.

Create Nexus ID (Free)

Also at this clearance level

Threat IntelligenceTIDThreatIntermediate

Table of Contents

Microsoft Midnight Blizzard Breach (2024)

What you need

Also at this clearance level

APT28 (Fancy Bear / Forest Blizzard)

Lazarus Group (HIDDEN COBRA / Diamond Sleet)

Salt Typhoon

Single Sign-On (SSO) Architecture

The Academy

The Command Post

The Armory