
Microsoft Continues to Experience Intrusions from Russian-Sponsored Hacking Group


In a recent development, Microsoft has revealed that a Russian state-sponsored hacking group, known as Midnight Blizzard, is still utilizing information stolen from its senior leadership team to gain unauthorized access to the company’s internal systems. This revelation comes after Microsoft disclosed in January that Midnight Blizzard had extracted information from a small percentage of employee email accounts, including those of senior leaders and employees in cybersecurity and legal roles.

Since the initial disclosure, Midnight Blizzard has been persistently using the stolen information to infiltrate Microsoft’s source code repositories and internal systems, according to Microsoft’s latest statement issued on Friday. The company noted a significant increase in certain aspects of the attack, such as password sprays, which grew tenfold in February compared to the volume observed in January.

Describing the ongoing attack by Midnight Blizzard, Microsoft emphasized the threat actor's sustained and substantial commitment of resources, coordination, and focus. Despite the hacking group's continued efforts, Microsoft said that its investigations into Midnight Blizzard's activities are ongoing, in collaboration with federal law enforcement agencies.

Fortunately, the attack has neither compromised customer-facing systems nor significantly impacted Microsoft's operations, the company stated. However, it remains uncertain whether this incident will have any financial implications for Microsoft in the future.

This is not Microsoft's first encounter with Midnight Blizzard: the company previously detected the group, formerly known as Nobelium, engaging in targeted social engineering attacks via Microsoft Teams chats to obtain credentials. U.S. authorities have linked this group to the Foreign Intelligence Service of the Russian Federation and have previously associated it with the SolarWinds hack in 2020.

As Microsoft continues to address the ongoing threat posed by Midnight Blizzard, the company remains vigilant in protecting its systems and data from further incursions. Customers and stakeholders can rest assured that Microsoft is actively working to safeguard its infrastructure and prevent any disruptions caused by malicious actors.

For further updates on this developing story, stay tuned for more information from Dean Seal at dean.seal@wsj.com.

(END) Dow Jones Newswires

March 08, 2024 09:53 ET (14:53 GMT)
