Sun. Mar 9th, 2025

MICROSOFT has accused a Russian state-sponsored hacking group of trying to breach its systems using stolen information.

The internet giant believes Midnight Blizzard hacked into its corporate email systems in January to obtain the information.


That attack two months ago saw the hacking group, who are also known as Nobelium, breach Microsoft’s corporate email systems.

Emails, as well as documents from staff accounts, were taken.

In a statement on its blog, the company said: “In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access.”

That data includes some of its source code repositories and internal systems, Microsoft said.

The company’s shares edged lower following the news.

“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” Microsoft added.

“Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

In some ways the hackers had become more aggressive in trying to penetrate Microsoft, the company said.

For instance, the hackers’ use of “password sprays” had increased as much as tenfold compared to their January attack, Microsoft said.

In a password spray, an attacker tries the same password against multiple accounts in the hope of breaking in.

Microsoft had configured a non-production test tenant account without two-factor authentication enabled, allowing Nobelium to gain access.
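
As a defender-side illustration of the pattern described above (an added example, not part of the original article or Microsoft's own tooling), the following flags any source that fails sign-in against many accounts with only a few guesses each, then lists successes from that source. The log format, thresholds, addresses and account names are constructed assumptions, and grouping by a single source address is a simplification.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: timestamp, source IP, account, outcome.
# IPs are from documentation ranges; account names are made up.
SAMPLE_LOG = """\
2024-01-10T03:00:05 203.0.113.7 alice FAIL
2024-01-10T03:00:41 203.0.113.7 bob FAIL
2024-01-10T03:01:17 203.0.113.7 carol FAIL
2024-01-10T03:01:52 203.0.113.7 dave FAIL
2024-01-10T03:02:30 203.0.113.7 test-tenant-admin OK
2024-01-10T03:05:00 198.51.100.9 erin FAIL
2024-01-10T03:05:09 198.51.100.9 erin FAIL
2024-01-10T03:05:20 198.51.100.9 erin OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def detect_password_spray(log, window=timedelta(minutes=10),
                          min_accounts=4, max_fails_per_account=2):
    """Return {ip: {"targets": [...], "successes": [...]}} for sources that
    fail against many distinct accounts, a few tries each, inside one window."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [e for e in events if e[3] == "FAIL"]
        for i, (start, *_rest) in enumerate(fails):
            in_window = [e for e in fails[i:] if e[0] - start <= window]
            per_user = defaultdict(int)
            for _, _, user, _ in in_window:
                per_user[user] += 1
            # Many accounts, few guesses each: spray, not single-account brute force.
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_fails_per_account):
                # A success from the same source after the spray began is the
                # event to triage first (e.g. an account lacking a second factor).
                hits = sorted({e[2] for e in events
                               if e[3] == "OK" and e[0] >= start})
                findings[ip] = {"targets": sorted(per_user), "successes": hits}
                break
    return findings
```

In the sample, the repeated failures against the single account `erin` are not flagged, because guessing many passwords for one account is a different pattern from spraying one password across many.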

“Across Microsoft, we have increased our security investments, cross-enterprise coordination and mobilization, and have enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat,” the company said.

“We have and will continue to put in place additional enhanced security controls, detections, and monitoring.”

The Russian embassy in Washington has not previously responded to requests for comment on Microsoft’s statements about the Midnight Blizzard attack.

Microsoft added that it had no evidence that its customer-facing systems had been compromised in the hack.

Midnight Blizzard were the same group behind the infamous SolarWinds attack in December 2020 that reportedly saw US government agencies breached.

The Russian-backed group then followed that up with an email attack on 150 organisations including US government agencies in May 2021.

The actor Nobelium targeted around 3,000 email accounts across 24 countries, gaining access to an email service used by USAID – United States Agency for International Development.

Over the years, Moscow has faced numerous allegations of cyberattacks that resulted in multiple sanctions and the expulsion of its diplomats.

It isn’t just troops fighting in the trenches that Vladimir Putin has been utilising, with his army of hackers also making their mark.

As a result, the term “hacker” has almost become synonymous with Russia.
