Microsoft revealed last Friday that they continue to be the target of the Russia-backed hacking group, Midnight Blizzard. They believe the group is attempting to infiltrate their systems using information hijacked from Microsoft’s corporate emails back in January.
This ongoing assault illustrates the determination of the hacker group, thought to be connected to Russian intelligence, to break into Microsoft – one of the globe’s biggest software producers and a crucial provider of digital services and infrastructure to the American government.
The Russian embassy in Washington hasn’t issued a response regarding Microsoft’s statement, nor have they addressed previous claims about Midnight Blizzard’s activities.
In January, Microsoft stated that the hackers had attempted unauthorised access to a minuscule proportion of its corporate email accounts, including those of individuals in senior management and employees in cybersecurity, legal and related roles.
Also known as Nobelium, the hacking group is apparently using the data acquired in January to make another move on Microsoft’s systems.
Microsoft noted in a recent web post: “In the past few weeks, we’ve identified that Midnight Blizzard is employing data initially lifted from our corporate email systems to gain, or to attempt to gain, unauthorised access.”
The stolen data comprises their source code repositories and internal systems, and the news was followed by a slight dip in share value.
Microsoft said: “It’s clear that Midnight Blizzard is attempting to exploit various types of secrets discovered.” These secrets come from shared customer emails, and Microsoft is actively assisting these customers with mitigating measures, although they did not specify who these customers are.
The company also disclosed that the hacking group’s techniques are growing more forceful. Their use of ‘password sprays’, where attackers apply the same password to numerous accounts hoping to gain access, surged to ten times the frequency of their January assault.
Microsoft suggested that it could be a target due to its fierce investigation into Midnight Blizzard’s actions. Microsoft’s threat intelligence team has been dissecting Nobelium’s operations since at least December 2020, even releasing an in-depth analysis of it titled ‘How nation-state attackers like NOBELIUM are changing cybersecurity.’
The ongoing efforts to infiltrate Microsoft demonstrate a persistent and considerable commitment of the threat actor’s capabilities and energy, according to the company’s most recent blog post. The information gathered by this threat actor may well be used to plan further attacks and improve its ability to carry them out. Microsoft says, however, that there is no evidence that the company’s consumer-related systems have been affected by any security breach.
This news is brought to you courtesy of Reuters; all rights are reserved under the copyright of Thomson Reuters 2024.