Russian State Hackers Penetrated Microsoft Code Repositories
Russian Foreign Intelligence Service Hack Gets Worse for Computing Giant
A Russian state hack against Microsoft was more serious than initially supposed, Microsoft acknowledged in a Friday disclosure to federal regulators.
The computing giant in January disclosed that Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks starting in late November. Microsoft fingered the Russian state hacking group it tracks as Midnight Blizzard - formerly Nobelium - also known as APT29 and CozyBear. The Biden administration in 2021 connected the group to the Russian Foreign Intelligence Service after its hackers inserted a backdoor into IT infrastructure software developed by SolarWinds (see: Microsoft: Russian Hackers Had Access to Executives' Emails).
In a Friday filing with the U.S. Securities and Exchange Commission, Microsoft said the Moscow threat actor also obtained access to "source code repositories and internal systems."
"To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised," the company said.
The hacks appear to be ongoing, and Microsoft stated that the "threat actor used and continues to use information it obtained to gain, or attempt to gain, unauthorized access." A Microsoft representative did not immediately return a request for comment.
In a blog post, the company said the threat actor obtained credentials "shared between customers and Microsoft in email."
"Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024," it says.
The hackers are committing significant resources to hacking Microsoft, the company said. "Midnight Blizzard's ongoing attack is characterized by a sustained, significant commitment of the threat actor's resources, coordination, and focus."
The Redmond giant is not the only company to recently report itself as being on the receiving end of a Midnight Blizzard campaign. Hewlett Packard Enterprise in January also said it believes the threat actor penetrated executives' inboxes in continuation of an attack that began in June 2023 (see: HPE Fingers Russian State Hackers for Email Hack).