Early this morning I was reading a news article on The Hacker News, "Microsoft Confirms Russian Hackers Stole Internal Data and Source Code".
Microsoft recently disclosed that the Kremlin-backed threat actor known as Midnight Blizzard (also known as APT29 or Cozy Bear) successfully accessed some of its source code repositories and internal systems following a hack that was uncovered in January 2024. Midnight Blizzard used information obtained from Microsoft's corporate email systems to gain unauthorized access to the company's source code repositories and internal systems. Fortunately, there is no evidence that Microsoft-hosted customer-facing systems were compromised.
The breach, which occurred in November 2023, involved Midnight Blizzard employing a password spray attack to infiltrate a legacy test tenant account lacking multi-factor authentication (MFA). Microsoft has been actively investigating the breach to determine its full extent and has reached out directly to affected customers. The tech giant highlighted that the threat actor is intensifying its password spray attacks, with a significant increase in February compared to January.
Midnight Blizzard, associated with Russia's Foreign Intelligence Service (SVR), has been active since at least 2008 and is recognized as one of the most sophisticated hacking groups globally. The ongoing attack by Midnight Blizzard reflects a substantial commitment of resources, coordination, and focus by the threat actor. Microsoft emphasized that this incident underscores an unprecedented global threat landscape, particularly concerning sophisticated nation-state attacks.
In response to the breach, Microsoft has ramped up its security investments and continues to enhance its defenses against such threats. The company has not disclosed the specific secrets accessed by Midnight Blizzard or the full scope of the compromise. However, it is actively working to mitigate the impact of the breach and secure its systems against further intrusions.
#microsoft #thehackersnews #cyberdefense #cybersecurity