The Microsoft Security Response Centre spotted the break-in by the Russian state-backed hacking group Midnight Blizzard (aka Nobelium), the same lot behind the SolarWinds attack in 2020.

The hack, discovered on 12 January, exposed the accounts of top brass, cybersecurity boffins and legal eagles, raising worries over what secrets they spilt.

The attack started in late November. Even though the hackers were in the system for ages, Microsoft claims that only a "very small percentage" of corporate accounts were hit. But the hackers managed to nick emails and attached documents during the raid.

Microsoft is now telling staff affected by the hack.

A legal document said the company had kicked the hackers out of the hacked accounts on or about 13 January.

The hack was done using a password-spraying trick. The hackers got into an "old non-production test tenant account" with out-of-date code.

The hackers used the account's permissions to get into accounts belonging to senior leaders and other targets.

Microsoft said flaws in its products or services did not cause the hack, and there is no proof of gaining access to customer environments, production systems, source code, or AI systems.

The Russian hacking group Nobelium is part of the Russian Foreign Intelligence Service, SVR. It was behind one of the biggest hacks in US history when it hacked the US government by putting nasty code into SolarWinds' Orion software updates.

The gang has also hacked cybersecurity firm FireEye, government agencies and IT service providers, as well as several attacks on the Ukrainian government during the ongoing war.

Microsoft's confession comes one month after a new US Securities and Exchange Commission rule starts that requires public companies to share hacks that could hurt their business within four days.

Microsoft said that, even though it didn't think the attack was a big deal, it wanted to follow the spirit of the new rules.