Tech giant Microsoft faces a fresh attack from the notorious Russian hacking group ‘Midnight Blizzard,’ with sensitive source code compromised in recent weeks.

The Microsoft Security Response Center (MSRC) confirmed the attack in a recent blog post, emphasizing their commitment to mitigating the threat. “We have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” the MSRC stated. “This has included access to some of the company’s source code repositories and internal systems.”

Reused Credentials Grant Illicit Access

This compromise stems from a January attack where Midnight Blizzard (also known as NOBELIUM or APT29) breached Microsoft’s corporate email servers. The hackers exploited a legacy test account lacking multi-factor authentication (MFA), allowing them to access employee inboxes, including leadership and cybersecurity teams.

Microsoft Assures No Customer Impact, Yet

The good news is Microsoft assures no customer-facing systems have been compromised so far. However, they are working diligently to contain the damage and contacting impacted customers whose information was exposed in email exchanges with Microsoft.

Heightened Password Spray Attacks

Adding another layer of concern, Microsoft reported a tenfold increase in password spray attacks by Midnight Blizzard in February compared to January. This brute-force technique throws countless login attempts against accounts, hoping to crack weak passwords.

The MSRC reiterated the importance of MFA in their blog post: “It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found… We continue to coordinate with federal law enforcement with respect to its ongoing investigation of the threat actor and the incident.”

Microsoft Bolsters Defenses

In response to the attack, Microsoft has significantly bolstered their defenses. This likely includes a multi-pronged approach, such as:

• Implementing a Zero Trust Architecture to minimize the impact of stolen credentials.
• Strengthening Privileged Access Management to restrict access to critical systems.
• Deploying advanced threat detection systems to identify and stop suspicious activity.
• Implementing stricter security protocols and employee training programs.

Midnight Blizzard: A Persistent Threat Actor

Midnight Blizzard, linked to Russia’s Foreign Intelligence Service (SVR), is a well-known threat actor. They gained notoriety for the 2020 SolarWinds supply chain attack that breached numerous companies, including Microsoft itself. Back then, they reportedly stole some source code for Azure, Intune, and Exchange. In 2021, they infiltrated Microsoft again, this time accessing customer support tools.

Cybersecurity Vigilance is Key

This latest attack highlights the persistent and resourceful nature of cyber threats. By implementing robust security measures and user awareness training, organizations like Microsoft can significantly reduce their attack surface.