Microsoft said on Friday that a Russian state-sponsored hacking group named Midnight Blizzard was trying to breach its systems again, by using information it stole from the tech giant’s corporate emails in January.
The disclosure shows that the hacking group analysts link to Russian intelligence is persistent and focused on penetrating Microsoft, which is one of the world’s largest software makers and a key provider of digital services and infrastructure to the US government.
The Russian embassy in Washington did not immediately respond to a request for comment on Microsoft's statement. It also hasn't responded to Microsoft's previous statements about Midnight Blizzard activity.
In January, Microsoft said it had found the hackers tried to breach “a very small percentage” of its corporate email accounts including members of its senior leadership team and those in cybersecurity, legal, and other functions.
Your work questions answered: My hours have been cut but someone new has been hired. Can my employer do this?
Cliff Taylor: How the return of SSIA-style incentives might be on the cards for Irish households
From intern to CEO: does it pay to be a company lifer?
My remuneration ‘was substantial’: The interview transcript Derek Quinlan didn’t want made public
It appears the hacking group, also known as Nobelium, is trying to use the data it stole then to break into Microsoft systems again, the company said.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorised access,” it said in a blog.
That data includes some of its source code repositories and internal systems, the company added. Its shares edged lower following the news.
“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” it added.
“Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.” Microsoft did not name those affected customers.
It also said the hackers had become more aggressive in their targeting, and their use of “password sprays” – where an attacker uses the same password on multiple accounts in the hope of breaking in – had increased as much as tenfold compared to their January attack.
In its January statement the company had said it was likely Midnight Blizzard was targeting it because of Microsoft’s own robust research unravelling the hacking group’s operations. Microsoft’s threat intelligence team has been sharing research on Nobelium since at least December 2020, when it released a four-part series on it. One of them was titled “How nation-state attackers like NOBELIUM are changing cybersecurity.”
The ongoing attempts to breach Microsoft are a sign of “sustained, significant commitment of the threat actor’s resources, co-ordination, and focus,” the company said in its latest blog.
“It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”
There was no evidence that Microsoft’s customer-facing systems had been compromised in the hack, the company added. – Reuters
(c) Copyright Thomson Reuters 2024