Russian Hackers Continue Targeting Microsoft Systems, Warns Company
Mar 10, 2024
Microsoft reported on Friday that hackers connected to Russia's foreign intelligence were attempting once again to break into its systems. They used data stolen from corporate emails in January to gain new access to the popular tech company, whose products are widely utilized in the U.S. national security sector, according to Reuters.
This news raised concerns among analysts regarding the safety of Microsoft's systems and services. The company is one of the largest software makers globally, providing digital services and infrastructure to the U.S. government.
Analysts have voiced concern about the national security risks posed by these intrusions. Microsoft has attributed the attacks to a Russian state-sponsored group known as Midnight Blizzard, or Nobelium.
The Russian embassy in Washington has not responded to requests for comment on Microsoft's statement or their previous remarks regarding Midnight Blizzard's activities.
Microsoft revealed the breach in January, saying that hackers attempted to access corporate email accounts, including those of senior company leaders, as well as cybersecurity, legal, and other departments.
We have observed evidence that Midnight Blizzard is utilizing information obtained from our corporate email systems to gain unauthorized access, the tech company announced in a recent blog post.
Jerome Segura, principal threat researcher at Malwarebytes' Threatdown Labs, commented that Microsoft's extensive customer base makes it a prime target for cyberattacks. He noted that it is concerning that the breach was still ongoing despite Microsoft's efforts to prevent it.
Microsoft disclosed that the hackers had obtained access to source code repositories and internal systems. Because Microsoft owns GitHub, a public software code repository, this breach could have far-reaching implications for the company, Segura said.
Microsoft previously said that hackers gained access to staff emails by exploiting an inactive account with a "password spray" attack, where the same password is used on multiple accounts until one is breached. These attacks have increased significantly in Midnight Blizzard's recent attempts, compared to the January breach, as reported on Microsoft's blog.
Microsoft's threat intelligence team has been investigating the group since 2021, when it was identified as the mastermind behind the SolarWinds cyberattack that targeted various U.S. government agencies.
The continuous efforts to breach Microsoft highlight the substantial dedication and resources of the threat actor, according to the company's statement on Friday.
It is clear that Midnight Blizzard is utilizing various types of secrets they have discovered, Microsoft said.
The company did not disclose the identities of the affected customers.