The world’s largest tech company has a security problem. A series of high-profile security incidents have rocked Microsoft over the past few years, and a scathing report from the Cyber Safety Review Board recently concluded that “Microsoft’s security culture was inadequate and requires an overhaul.” Inside Microsoft, there is concern that the attacks could seriously undermine trust in the company.

Sources tell me that Microsoft’s engineering and security teams have been scrambling to respond to new attacks from the same Russian state-sponsored hackers that were behind the SolarWinds incident. Known as Nobelium or Midnight Blizzard, the hacking group was able to spy on the email accounts of some members of Microsoft’s senior leadership...

Continue reading…