In January, hackers believed to be from Russia gained access to Microsoft’s source code repositories by stealing corporate emails.
Microsoft today shared an update on its actions to manage the consequences of the breach, attributing it to Midnight Blizzard, a Russian hacking group linked to the Kremlin.
Referred to as Cozy Bear, the Russian hackers were removed from Microsoft’s email systems after the company identified the threat. However, it appears they were able to regain some access.
“In recent weeks, there has been evidence indicating that Midnight Blizzard is utilizing information originally obtained from our corporate email systems to achieve, or attempt to achieve, unauthorized access,” stated Microsoft in a blog post. “This has involved accessing some of the company’s source code repositories and internal systems.”
Read also: CAD renders of iPhone 16 Pro show new button, larger size, etc.
The company did not mention whether any source code was exfiltrated. However, cybercriminals have utilized details from the compromised corporate emails to infiltrate the networks of Microsoft and its clients. I have experience attempting to predict login passwords.
“Midnight Blizzard has significantly ramped up certain aspects of the attack, like password sprays, by up to 10 times in February, in comparison to the already substantial volume we observed in January 2024,” Redmond stated.
Nevertheless, the company has not discovered any indication that any “Microsoft-hosted customer-facing systems have been compromised.” It has been proactively contacting customers affected by the email breach to assist them in minimizing the risk.
Midnight Blizzard is renowned as one of the most elite and persistent hacking groups globally. In 2016, the group made headlines for hacking into the Democratic National Committee. In 2020, Midnight Blizzard was also linked to the SolarWinds hack, enabling Russian hackers to extract data from US government agencies.
Read also : The new MacBook Air from Apple comes equipped with a powerful M3 chip.
Meanwhile, Microsoft stated that they are implementing additional security controls, detections, and monitoring.
Source: pcmag.com
