Microsoft announced on Friday, March 8 that Russian government hackers are persistently infiltrating its systems, using data acquired from a previous breach.
This latest breach, attributed to Russian hackers known as Midnight Blizzard, specifically targeted Microsoft’s source code and internal systems, according to the company’s statement.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain unauthorized access. This has included access to some of the company’s source code repositories and internal systems,” Microsoft wrote in a blog post.
Microsoft also disclosed these new findings in a filing with the U.S. Securities and Exchange Commission on Friday.
This new breach comes after Microsoft revealed in January 2024 that Russian government hackers had broken into the company’s systems in November last year.
Back then, the Russian hackers gained unauthorized access to corporate email accounts belonging to the “senior leadership team and employees in our cybersecurity, legal, and other functions.” Microsoft revealed that the objective of this operation was to ascertain the extent of information Microsoft possessed about them.
In its most recent blog post on Friday, March 8, the tech giant disclosed that Midnight Blizzard “is attempting to use secrets of different types it has found.”
This hacking group, also identified as APT29 or Cozy Bear, discovered certain confidential information in emails exchanged between Microsoft and its customers. Microsoft noted a tenfold increase in the hackers’ efforts to brute force accounts, also referred to as “password spraying,” since the initial attacks.
According to the company, the hackers’ activities show “a sustained, significant commitment” of their “resources, coordination, and focus.”
“[Midnight Blizzard] may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so,” Microsoft wrote.
Midnight Blizzard is believed to be a hacking group working for Russia’s Foreign Intelligence Service, known by its Russian initials, SVR. The spies have been one of the most prolific government-backed hacking groups in the last few years.
However, the Kremlin denied any direct links with Midnight Blizzard. It maintained that the accusations were unfounded and part of a broader anti-Russian narrative.
Nevertheless, international intelligence agencies and cybersecurity experts continue to investigate and attribute the group’s activities to the Russian state-sponsored SVR.
![Microsoft Hacked Again](https://thevaultznews.com/wp-content/uploads/2024/03/Has-an-AI-Cyber-Attack-Happened-Yet-h-1583230573532-1024x576.jpg)
Apart from the Microsoft attacks, Midnight Blizzard has been involved in other significant cyber operations.
Midnight Blizzard’s Espionage And Attacks
In December 2020, Midnight Blizzard orchestrated a sophisticated supply chain attack by compromising the SolarWinds Orion software. This allowed them to infiltrate numerous organizations, including US government agencies and private companies.
The attack involved backdooring SolarWinds software updates, which were then distributed to thousands of customers. This attack granted the hackers access to sensitive networks and data.
Moreover, Midnight Blizzard has frequently employed phishing emails to gain initial access to target systems. These emails often contained malicious attachments or links.
For instance, they used COVID-19-themed phishing lures during the pandemic to trick victims into downloading malware or revealing credentials.
The group has also exploited zero-day vulnerabilities in various software products to gain unauthorized access. Their use of unknown vulnerabilities makes detection and defense challenging for organizations.
However, Microsoft stated in the blog post that “we have increased our security investments, cross-enterprise coordination, and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat. We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”
The company added, “Our active investigations of Midnight Blizzard activities are ongoing, and findings of our investigations will continue to evolve. We remain committed to sharing what we learn.”