Microsoft announced in January that it had been targeted by a Russian hacker group that compromised the company’s email system and employee communications. Last week, the company revealed that the hackers had also gained access to its source code and internal systems. However, Microsoft stated that there is no evidence of customer systems being compromised.
In the incident disclosed in January, the Russian hacker group known as Midnight Blizzard (also known as Nobelium) used a password spray technique to gain access to a test tenant account of outdated Microsoft software. The group then leveraged the account’s privileges to access the Exchange systems and emails of multiple employees and high-level executives. Microsoft provided an update on this incident last week.
In recent weeks, Microsoft discovered that Midnight Blizzard had attempted to access, or succeeded in accessing, Microsoft systems using information obtained from employee emails during the January incident. The hackers accessed parts of the company’s source code repository and internal systems, but Microsoft has not found evidence of compromise in its customer-facing systems.
Microsoft believes that Midnight Blizzard is using various passwords and credentials, including sensitive information from both customers and Microsoft emails, to cause harm. Microsoft emphasized that customers have been notified and that assistance is being provided to prevent attacks, but it also stated that the hackers are launching attacks with ten times the intensity of the tactics, such as password spraying, seen early in the year. Microsoft stated that the persistent attacks by Midnight Blizzard demonstrate the group’s abundant resources, precise coordination, and focus. The hackers can use the information they possess to expand their attack surface and enhance their capabilities, presenting an unprecedented and increasingly prevalent threat.
According to Microsoft’s report to the U.S. Securities and Exchange Commission, this operation has not had a substantial financial impact on the company.