In a recent development, Microsoft (MSFT.O) revealed on Friday that hackers associated with Russia’s foreign intelligence were once again attempting to breach its systems. Utilizing data stolen from corporate emails back in January, the hackers aimed to gain new access to the tech giant, whose products are extensively used across the U.S. national security establishment.
This disclosure has raised concerns among analysts regarding the safety of systems and services provided by Microsoft, one of the world’s largest software makers. The company supplies digital services and infrastructure to the U.S. government, amplifying worries about national security risks.
Microsoft has attributed the intrusions to a Russian state-sponsored group known as Midnight Blizzard, or Nobelium. The Russian embassy in Washington did not immediately respond to requests for comments on Microsoft’s statement, nor did it respond to previous statements regarding Midnight Blizzard’s activities.
The breach, initially disclosed by Microsoft in January, targeted corporate email accounts, including those of senior company leaders, as well as cybersecurity, legal, and other functions. The tech firm stated in a recent blog that evidence showed Midnight Blizzard utilizing information obtained from the corporate email systems to gain unauthorized access or attempt to do so.
Jerome Segura, principal threat researcher at Malwarebytes’ Threatdown Labs, noted the unsettling nature of the ongoing attack despite Microsoft’s efforts to prevent access. He expressed concerns about customers not having reassurance amid Microsoft’s learning process during the attack.
The hackers stole various data, including access to source code repositories and internal systems, Microsoft confirmed. With Microsoft owning GitHub, a public repository for software code, analysts expressed worries about potential exploitation of such information to compromise software and introduce backdoors.
Microsoft revealed that the hackers used a “password spray” attack to break into staff emails, significantly increasing their attempts compared to the January breach. Adam Meyers, a senior vice president at Crowdstrike, highlighted the severity of the situation, emphasizing the depth of the hackers’ infiltration into Microsoft.
Midnight Blizzard has a history of targeting governments, diplomatic entities, and non-governmental organizations, according to analysts. Microsoft believes the group targeted them due to the company’s extensive research into Midnight Blizzard’s operations, dating back to at least 2021.
Microsoft’s threat intelligence team has been investigating Nobelium since then, especially following its involvement in the SolarWinds cyberattack. Despite Microsoft’s efforts to combat the attacks, the persistence of the breach attempts underscores the significant commitment and focus of the threat actor’s resources.
As the investigation continues, Microsoft is reaching out to affected customers to assist them in taking mitigating measures. However, the company has not disclosed the names of the affected customers.