Microsoft has announced that Russian state-sponsored hackers successfully gained access to some of its critical software systems following an earlier hack of several corporate email accounts.
The state-sponsored threat group Midnight Blizzard (also known as Nobelium) launched an attack in late November last year, detected by Microsoft on 12 January 2024, in which it gained access to a number of corporate email accounts, “including members of our senior leadership team and employees in our cyber security, legal and other functions”, the company said in a blog post.
Microsoft has since announced that the threat group has used what it obtained in the previous attack to gain unauthorised access to core software systems in Microsoft’s digital environment.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorised access,” Microsoft wrote in an update on its blog.
“This has included access to some of the company’s source code repositories and internal systems.
“To date, we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
Microsoft said it has also detected that Midnight Blizzard is attempting to use the information it found through its cyber attack, including secrets shared between Microsoft and its customers that were exfiltrated in the email attack.
It also said that the threat actor is increasing the volume and severity of its attack measures, such as the password sprays it used to gain initial access, by as much as tenfold in February compared to January.
“Midnight Blizzard’s ongoing attack is characterised by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” continued Microsoft.
“It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.
“This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”
Despite the continued access by Midnight Blizzard, Microsoft said that it had not detected any material impact as a result of the attack.
“As of the date of this filing, the incident has not had a material impact on the company’s operations,” the company wrote in a US SEC filing.
“The company has not yet determined that the incident is reasonably likely to materially impact the company’s financial condition or results of operations.”
The company added that it has increased its security investments and capabilities and “enhanced our ability to defend ourselves and secure and harden our environment against this advanced persistent threat.
“We continue to coordinate with federal law enforcement with respect to its ongoing investigation of the threat actor and the incident,” it said.