Microsoft Validates Russian Hackers Obtained Customer Secrets and Source Code


Microsoft disclosed on Friday that Midnight Blizzard (also known as APT29 or Cozy Bear), a threat actor sponsored by the Kremlin, gained access to some of its internal systems and source code repositories following the breach that came to light in January 2024.

“In recent weeks, we have come across proof that Midnight Blizzard is employing data originally stolen from our corporate email systems to acquire, or attempt to obtain, unauthorized access,” the major technology company stated.

This has included access to some of the company’s internal systems and source code repositories. So far, there is no evidence that any customer-facing systems hosted by Microsoft were compromised.

Redmond, which is still investigating the scope of the breach, reports that the Russian state-sponsored threat actor is attempting to use the various types of secrets it uncovered, including email correspondence between Microsoft and its customers.

The company did not reveal the nature of these secrets or the extent of the breach, but it did say that it has contacted affected customers directly. Which specific source code was accessed remains unclear.

Microsoft, which has increased its security spending, added that the adversary’s password spray attacks increased tenfold in February compared with the “already substantial volume” observed in January.

“Midnight Blizzard’s continuing attack has been defined by a sustained, significant commitment of the threat actor’s assets, coordination, and focus,” according to the report.

“It might be utilizing the acquired information to construct a mental image of potential attack zones and thereby improve its capability to execute such maneuvers.” This illustrates the unprecedented global threat landscape, particularly with regard to highly sophisticated attacks orchestrated by nation-states.

According to available information, the Microsoft breach occurred in November 2023. Midnight Blizzard used a password spray attack to compromise a legacy, non-production test tenant account that lacked multi-factor authentication (MFA).

Late in January, the technology giant disclosed that APT29 had also breached other organizations using a variety of initial access methods, including supply chain attacks and stolen credentials.

Midnight Blizzard is a division of Russia’s Foreign Intelligence Service (SVR). The threat actor, active since at least 2008, is among the most sophisticated and prolific cyber groups, and it has compromised high-profile targets including SolarWinds.


About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the content field in an unusual way: he began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also writes frequently for Craw Security.

