Midnight Blizzard Attack on Microsoft: Russian Hackers Spy and Try to Steal Source Code

On March 8, Microsoft issued a warning about the relentless efforts of Russian state-sponsored hackers linked to the notorious group Midnight Blizzard, also known as Nobelium. Microsoft disclosed that the attack comes from the same group behind the SolarWinds attack. The warning revealed that these hackers are persistently attempting to breach its systems, leveraging data stolen from corporate emails back in January.
Microsoft emphasized the severity of the situation, expressing concerns about the safety of its systems and services. The attack, which started with the breach in January, has evolved into an ongoing threat. The hackers, identified as Midnight Blizzard, are associated with Russia’s foreign intelligence and are notorious for targeting governments, diplomatic entities, and non-governmental organizations.
The initial breach involved attempts to access corporate email accounts, including those of senior company leaders and various functional departments such as cybersecurity and legal. Microsoft had already disclosed this breach earlier this year, stating that the hackers used a “password spray” attack against a dormant account to gain unauthorized access. The recent development reveals that Midnight Blizzard has escalated its tactics, leading to the theft of source code repositories and internal systems.
Jerome Segura, Principal Threat Researcher at Malwarebytes’ Threatdown Labs, expressed his concern, stating, “That one of the largest software vendors is itself kind of learning things as they go is a little bit scary.” This sentiment is shared among analysts who worry about the hackers’ aggressiveness and Microsoft’s challenges in thwarting their access.
The stolen data includes valuable access to Microsoft’s source code repositories and internal systems, posing a significant threat. The attackers aim to utilize these stolen “secrets” to infiltrate production environments, compromise software, and potentially insert backdoors. Microsoft has not disclosed specific affected customers but affirmed ongoing efforts to assist those impacted.
Microsoft further revealed that the persistent attempts by Midnight Blizzard are a sign of a “sustained, significant commitment of the threat actor’s resources, coordination, and focus.” Additionally, the company warned that the hackers are now attempting to use various “secrets” they have found to further breach Microsoft and potentially compromise its customers. Some of these secrets were shared between customers and Microsoft in emails.
The ongoing situation underscores the challenges faced by large corporations in defending against evolving cyber threats. Microsoft remains committed to investigating and sharing findings on Midnight Blizzard’s activities, emphasizing the sustained and significant commitment of the threat actor’s resources, coordination, and focus. The company urges customers to stay vigilant and emphasizes the importance of implementing additional security measures to mitigate risks.
This development comes just days after Microsoft announced its plan to overhaul its software security following serious Azure cloud attacks. Several high-profile security attacks have centered around Microsoft in recent years, including the hacking of 30,000 organizations’ email servers in 2021 due to a Microsoft Exchange Server flaw and Chinese hackers breaching US government emails via a Microsoft cloud exploit last year.
Despite Microsoft’s increased security investments and enhanced controls, the hackers continue their persistent efforts. The company reassures its customers that, to date, there is no evidence of compromise in Microsoft-hosted customer-facing systems. Active investigations into Midnight Blizzard’s activities are ongoing, and Microsoft remains committed to sharing updates on their findings.