Microsoft confirms Russian state-backed hackers have breached core software systems

A Russian state-backed group that Microsoft said hacked into its corporate email accounts was able to gain access to its core software systems, the company announced on Friday.

Microsoft said its security team detected the attack in January and identified the group responsible as Midnight Blizzard, “the Russian state-sponsored actor also known as Nobelium.”

Photo: A Microsoft logo adorns a building in Chevy Chase, Md., May 20, 2021. (Eva Hambach/AFP via Getty Images, FILE)

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Microsoft said in a blog post update on Friday. “This has included access to some of the company’s source code repositories and internal systems.”

The company said it has found no evidence that Microsoft-hosted customer-facing systems have been compromised due to the breach.

As of Friday, the incident has “not had a material impact” on Microsoft’s operations, the company stated in an SEC filing.

“The Company has not yet determined that the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” the filing stated.

Midnight Blizzard is apparently attempting to use “secrets” that it has found in the hack, according to Microsoft.

“Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures,” Microsoft said.

The volume of some aspects of the ongoing attack has intensified, increasing as much as 10-fold in February compared to January, Microsoft said. That includes “password sprays,” in which an attacker tries a single common password against many accounts on the same application, keeping the attempts per account low enough to stay under lockout thresholds, the company said.

“Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat,” Microsoft said Friday. “We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”

The attack began in November, Microsoft said. The company was able to remove the group’s access to the email accounts on Jan. 13, according to a company filing with the SEC.

The company said in its SEC filing on Friday that it continues to coordinate with federal law enforcement on the ongoing investigation into the incident.

Microsoft has confirmed that Russian state-backed hackers, after breaching its corporate email in late 2023, went on to reach some of its source code repositories and internal systems. The disclosure has raised concerns about the security of Microsoft’s products and about follow-on attacks against customers whose secrets were exposed in the stolen email.

Microsoft’s security team detected the intrusion in January and attributed it to Midnight Blizzard, also known as Nobelium, the same actor Microsoft has linked to the 2020 SolarWinds supply-chain compromise that reached multiple US government agencies and private companies.

According to Microsoft, the group is using information taken from the corporate email accounts to gain, or attempt to gain, access to other internal systems, including some source code repositories; the company has not said which products’ code was reached. It has found no evidence that Microsoft-hosted customer-facing systems were compromised, but secrets found in the exfiltrated email are being used in further access attempts, and the volume of password sprays rose as much as tenfold in February compared with January.

Microsoft says it removed the group’s access to the email accounts on Jan. 13, has added security controls, detections and monitoring, is contacting customers whose secrets appeared in the exfiltrated email to help them take mitigating measures, and continues to coordinate with federal law enforcement on the investigation.

This breach highlights the ongoing threat posed by state-backed hackers and the importance of robust cybersecurity measures. Companies must remain vigilant and proactive in protecting their systems and data from malicious actors. As cyber attacks become increasingly sophisticated and widespread, organizations must prioritize cybersecurity to safeguard their assets and maintain the trust of their customers.