Microsoft Reveals Ongoing Cyber Attack by Russian Hackers
Midnight Blizzard Gains Access to Source Code and Internal Systems
In a recent disclosure, Microsoft has revealed that the Russian state-sponsored hacking group known as “Midnight Blizzard” (also referred to as Nobelium) has been persistently targeting the company’s systems. The attackers, who were also responsible for the notorious SolarWinds breach, have managed to gain unauthorized access to some of Microsoft’s source code repositories and internal systems.
According to a blog post by Microsoft, the hackers have been leveraging information initially stolen from the company’s corporate email systems to further infiltrate its network. While no evidence has been found suggesting that customer-facing systems hosted by Microsoft have been compromised, the company is actively reaching out to affected customers to help them implement necessary security measures.
Exploiting Secrets and Vulnerabilities
Midnight Blizzard is now attempting to exploit various types of secrets it discovered during its intrusion to deepen its foothold within Microsoft and potentially target its customers. Some of these secrets were exchanged between customers and Microsoft via email, and as the company identifies them in the exfiltrated data, it is proactively assisting customers in mitigating the risks.
Initial Access Through Password Spray Attack
The initial breach occurred last year when Nobelium successfully carried out a password spray attack against Microsoft’s systems. This brute-force technique involves using a vast dictionary of potential passwords to gain access to accounts. The hackers were able to exploit a non-production test tenant account that lacked two-factor authentication, granting them a foothold in the company’s network.
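From the defender's side, the pattern behind this kind of intrusion can be searched for in sign-in logs: one source failing against many distinct accounts with only a few attempts each, followed by a successful sign-in on an account with no second factor. The Python below is an added example, not Microsoft's detection logic or code from the original article; the log format, account names, addresses and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: time, source IP, account, result, MFA satisfied.
SAMPLE_LOG = """\
2024-01-10T09:00:05 203.0.113.7 alice FAIL no
2024-01-10T09:00:41 203.0.113.7 bob FAIL no
2024-01-10T09:01:17 203.0.113.7 carol FAIL no
2024-01-10T09:01:52 203.0.113.7 dave FAIL no
2024-01-10T09:02:30 203.0.113.7 test-tenant-admin OK no
2024-01-10T09:03:00 198.51.100.20 erin FAIL no
2024-01-10T09:03:20 198.51.100.20 erin OK yes
"""

def parse(log):
    """Turn each log line into a dict with a parsed timestamp."""
    events = []
    for line in log.strip().splitlines():
        ts, src, user, result, mfa = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "user": user, "ok": result == "OK", "mfa": mfa == "yes"})
    return events

def spray_sources(events, window=timedelta(minutes=30), min_accounts=4, max_per_account=2):
    """Sources that failed against many distinct accounts, few tries each, within one window."""
    failures = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures[e["src"]].append(e)
    flagged = set()
    for src, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        for i, first in enumerate(fails):
            per_account = defaultdict(int)
            for e in fails[i:]:
                if e["ts"] - first["ts"] > window:
                    break
                per_account[e["user"]] += 1
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                flagged.add(src)
                break
    return flagged

def footholds(events, flagged):
    """Successful sign-ins without MFA from a flagged source: accounts to investigate first."""
    return sorted({e["user"] for e in events if e["ok"] and not e["mfa"] and e["src"] in flagged})

if __name__ == "__main__":
    print(footholds(parse(SAMPLE_LOG), spray_sources(parse(SAMPLE_LOG))))
```

The thresholds are starting points to tune against normal traffic; a source that retries one account repeatedly (the second address in the sample) is deliberately not flagged by this rule.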
Enhancing Security Measures and Ongoing Investigations
In response to this persistent threat, Microsoft has significantly increased its security investments, improved cross-enterprise coordination, and strengthened its ability to defend against such advanced attacks. The company has implemented additional security controls, detections, and monitoring to bolster its defenses.
“Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat,”
Microsoft’s investigations into Midnight Blizzard’s activities are ongoing, and the company remains committed to sharing its findings as the situation evolves. This latest incident follows a series of high-profile security breaches that have affected Microsoft in recent years, including the hacking of 30,000 organizations’ email servers due to a Microsoft Exchange Server flaw in 2021 and the breach of US government emails via a Microsoft cloud exploit last year.
As the threat landscape continues to evolve, Microsoft’s dedication to transparency and its efforts to fortify its security posture will be crucial in protecting its own systems and those of its customers from sophisticated cyber attacks.
1 Comment
They’re always one step ahead, aren’t they?