Microsoft announced on Friday that hackers associated with Russia’s foreign intelligence were attempting to breach its networks once more. They were using information stolen from company emails in January to obtain fresh entry to the computer behemoth, whose products are widely used within the U.S. national security apparatus.
Some experts expressed anxiety over the revelation, citing worries about the security of Microsoft’s systems and services. Microsoft is one of the biggest software companies in the world and supplies the US government with digital services and infrastructure.
Concerns over threats to national security have been voiced by analysts. According to Microsoft, the breaches are being carried out by a Russian state-sponsored organization known as Midnight Blizzard, or Nobelium.
A request for comment on Microsoft’s announcement was not immediately answered by the Russian embassy in Washington. It also has not responded to Microsoft’s earlier statements regarding Midnight Blizzard activity.
Microsoft revealed the incident in January, claiming that the hackers had attempted to access corporate email accounts belonging to senior business executives, cybersecurity, legal, and other departments.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” the tech firm said in a new blog.
Given Microsoft’s vast customer network, it is not surprising it is being targeted, said Jerome Segura, principal threat researcher at the cybersecurity firm Malwarebytes’ Threatdown Labs. He added it was unnerving that the attack was still underway despite Microsoft’s efforts to thwart access.
“That one of the largest software vendors is itself kind of learning things as they go is a little bit scary,” Segura said. “You don’t have the reassurance that if you’re a customer, that there isn’t something bigger going on.”
The attacks are also a testament to how aggressive the hackers are, he added.
The hackers also gained access to some source code repositories and internal systems, Microsoft said. The company owns GitHub, a public repository of software code for various applications, said Malwarebytes’ Segura.
“This is the kind of thing that we’re really worried about,” Segura said. “The attacker would want to use (Microsoft’s) secrets to get into production environments, and then compromise software and put backdoors and things like that.”
Previously, Microsoft said the hackers had broken into staff emails by using a dormant account through a “password spray” attack — trying the same password against many accounts until one of them gives way. Such attacks increased as much as tenfold in Midnight Blizzard’s latest attempts compared with the January breach, Microsoft said in its blog.
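The pattern the article describes has a recognizable footprint in authentication logs: one source producing a small number of failures against many different accounts in a short window, rather than many failures against one account. The script below is an added illustration of that detection idea from a defender’s standpoint; it is not Microsoft’s code or anything taken from its blog. The log format, the sample lines, the IP addresses and the thresholds (five distinct accounts, at most two failures each, within five minutes) are all constructed assumptions, and a dormant account named `legacy-svc` stands in for the kind of account the article mentions.

```python
"""Flag password-spray activity in constructed authentication log lines.

A spray hits many accounts a few times each from one source; a classic
brute force hits one account many times. The detector keys on the former
and also reports any success from the same source inside the window,
which is what a defender would triage first.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp outcome account source_ip).
# The first source sprays five accounts once each and then logs in to a
# dormant service account; the second source brute-forces a single account.
SAMPLE_LOG = """\
2024-01-10T02:00:01Z FAIL alice 198.51.100.7
2024-01-10T02:00:03Z FAIL bob 198.51.100.7
2024-01-10T02:00:05Z FAIL carol 198.51.100.7
2024-01-10T02:00:07Z FAIL dave 198.51.100.7
2024-01-10T02:00:09Z FAIL erin 198.51.100.7
2024-01-10T02:00:11Z SUCCESS legacy-svc 198.51.100.7
2024-01-10T02:00:12Z FAIL alice 203.0.113.9
2024-01-10T02:00:13Z FAIL alice 203.0.113.9
2024-01-10T02:00:14Z FAIL alice 203.0.113.9
2024-01-10T02:00:15Z FAIL alice 203.0.113.9
2024-01-10T02:00:16Z FAIL alice 203.0.113.9
2024-01-10T02:05:00Z FAIL frank 192.0.2.44
"""


def parse_line(line):
    """Split one log line into (timestamp, outcome, account, source_ip)."""
    ts, outcome, account, src = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), outcome, account, src


def detect_spray(log_text, window=timedelta(minutes=5),
                 min_accounts=5, max_per_account=2):
    """Return {source_ip: {"accounts": [...], "successes": [...]}} for each
    source whose failures within `window` touch at least `min_accounts`
    distinct accounts with no more than `max_per_account` failures each.
    Thresholds are assumed values for illustration, not published guidance."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[1] == "FAIL"]
        # Slide a window forward from each failure and test the spray shape.
        for i, start in enumerate(fails):
            in_win = [e for e in fails[i:] if e[0] - start[0] <= window]
            per_account = defaultdict(int)
            for e in in_win:
                per_account[e[2]] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                end = start[0] + window
                successes = sorted({e[2] for e in evs
                                    if e[1] == "SUCCESS" and start[0] <= e[0] <= end})
                findings[src] = {"accounts": sorted(per_account),
                                 "successes": successes}
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for src, info in detect_spray(SAMPLE_LOG).items():
        print(f"{src}: sprayed {len(info['accounts'])} accounts; "
              f"successes in window: {info['successes'] or 'none'}")
```

Run against the constructed log, the detector reports only `198.51.100.7`, and lists `legacy-svc` as the account that succeeded inside the spray window; the single-account brute force from `203.0.113.9` is deliberately not reported, since it needs a different rule (per-account lockout or velocity), and the lone failure from `192.0.2.44` is noise.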
“This seems like it’s something very targeted, and if (the hackers) are that deep inside Microsoft, and Microsoft hasn’t been able to get them out in two months, then there’s a huge concern,” said Adam Meyers, a senior vice president at the cybersecurity firm CrowdStrike, who tracks nation-state hacking.
‘SECRETS OF DIFFERENT TYPES’
Midnight Blizzard is known to target governments, diplomatic entities, and non-governmental organizations, according to various analysts who track the group. In its January statement Microsoft said Midnight Blizzard was probably targeting it because the company has done robust research unraveling the hacking group’s operations.
Microsoft’s threat intelligence team has been investigating and sharing research on Nobelium since at least 2021, when the group was found to be behind the SolarWinds cyberattack that compromised a raft of U.S. government agencies.
The persistent attempts to breach Microsoft are a sign of “sustained, significant commitment of the threat actor’s resources, coordination, and focus,” the company said on Friday.
“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” it added.
“Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”
Microsoft did not name affected customers.