Microsoft details update on Russian-sponsored “ongoing attack”

Microsoft details update on Russian-sponsored “ongoing attack”

Microsoft has detailed an update on the ongoing cyber attack it has been subjected to from suspected Russian state-sponsored hackers.

Using information obtained during a hit last year, the group known as Midnight Blizzard has targeted Microsoft’s internal systems, the tech giant said in an official blog post.

The company has also shared the latest information with the US Securities and Exchange Commission, in a fresh filing posted on Friday.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Microsoft wrote.

“This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

What was the initial Midnight Blizzard cyber attack on Microsoft?

In a targeted recon mission, Midnight Blizzard (also known as Nobelium) was able to access a legacy system account using a password-spraying attack.

Although the malicious activity was discovered on 12 January, it is believed the cyberattack commenced in late November 2023, leaving the American multinational tech giant to play catch-up on the serious incident.

Now, Microsoft is facing further intrusion with the hackers “ attempting to use secrets of different types it has found,” as the company detailed an increase in the volume of the attacks. It stated password sprays had increased almost 10-fold in February, beyond the significant rate experienced in January this year.

This is a sophisticated, organized cyber attack that shows no sign of abating, as detailed in the statement.

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”

“This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”

Microsoft has insisted it remains committed to the ongoing investigation of Midnight Blizzard’s activities.

The hacker collective is believed to be working at the behest of Russia’s Foreign Intelligence Service, known by its native initials, SVR.

Featured image: Pexels

The post “Microsoft details update on Russian-sponsored “ongoing attack”” by Graeme Hanna was published on 03/08/2024 by readwrite.com