Headline
Russian Midnight Blizzard Hackers Breached Microsoft Source Code
By Deeba Ahmed Midnight Blizzard (aka Cozy Bear and APT29) originally breached Microsoft on January 12, 2024. This is a post from HackRead.com Read the original post: Russian Midnight Blizzard Hackers Breached Microsoft Source Code
Microsoft confirms that Russian state-sponsored hackers, known as Midnight Blizzard, infiltrated their systems and stole source code. Experts warn of potential zero-day vulnerabilities.
Microsoft has been hit by a significant cybersecurity breach, with the company confirming that Russian hackers infiltrated its infrastructure, compromising valuable source code.
The breach, originally discovered on January 12, 2024, and reported on January 19, raised concerns about the potential misuse of proprietary information and the security of millions of users relying on Microsoft’s products and services.
Earlier this year, Microsoft disclosed that Russian state-sponsored hackers referred to as Midnight Blizzard (also known as Nobelium, Cozy Bear, and APT29), have been spying on the email accounts of Microsoft’s team members. The group, known for the devastating SolarWinds attack, successfully stole source code in what Microsoft now terms an “ongoing attack.”
Reportedly, the hackers infiltrated a “small percentage of corporate email accounts” and stole internal messages and files in an attack that began in late November 2023. The threat actor compromised a non-production test tenant account using a password spray attack, accessing some Microsoft corporate email accounts, including senior leadership and cybersecurity employees, and exfiltrating emails and documents.
The attackers exploited vulnerabilities in Microsoft’s defences, gaining unauthorized access to a substantial portion of source code, including Windows OS components, Office Suite, and other critical software elements.
****Update from Microsoft****
Previously, Microsoft stated that there was no evidence that the “threat actor had any access to customer environments, production systems, source code, or AI systems.” However, as per Microsoft’s update published on March 8, 2024, Midnight Blizzard is using information from corporate email systems to gain unauthorized access, including access to source code repositories and internal systems. Still, the company asserts that there’s no evidence that attackers compromised Microsoft-hosted customer-facing systems.
Midnight Blizzard is using various tactics to attack Microsoft, some of which were shared between Microsoft and its customers via emails. Moreover, the company claims hackers increased the attack volume, such as password sprays, by up to 10 times in February compared to January.
Microsoft has increased security investments and coordinated cross-enterprise efforts to counter Midnight Blizzard’s persistent threat. The company is enhancing its security controls, detections, and monitoring, as well as conducting ongoing investigations into the group’s activities.
Hackread will continue to share findings and information as they evolve. Users are advised to implement security updates, report suspicious activity, and adhere to security best practices.
Ariel Parnes, former Head of the Israeli Intelligence Service Cyber Department, winner of the Israel Defense Prize for tech innovations in the cyber field, and COO and Co-Founder at SaaS incident response leader, Mitiga, shared the following insights with Hackread.com:
“For advanced nation-state cyber groups, access to a company’s source code is akin to finding the master key to its digital kingdom, opening up avenues for finding new zero-day vulnerabilities: undiscovered security flaws that can be exploited before they’re known to the software creators or the public.”
Ariel warned that “Zero-day vulnerabilities represent a critical threat because there’s no straightforward way to detect them until after they’ve been discovered and disclosed by the software creators. Given this challenging landscape, organizations need to double down on cybersecurity measures focused on proactive defence.”
- Microsoft Disables App Installer After It’s Abused for Malware
- Fake Ledger App on Microsoft Store to Steal $800k in Crypto
- Microsoft Azure Exploited to Create Undetectable Cryptominer
- Microsoft Teams External Access Abuses for DarkGate Malware
- Microsoft Outlook Flaw Exploited by Russian Forest Blizzard Group