Microsoft said that hackers linked to Russia’s foreign intelligence had been trying to hack into its systems once more, this time using data stolen from corporate emails in January to gain new access to the tech behemoth.
Microsoft (MSFT.O), which opened a new tab, said on Friday that hackers linked to Russia’s foreign intelligence were attempting to break into its systems once more, using data stolen from corporate emails in January to gain new access to the tech behemoth whose products are widely used across the United States’ national security apparatus.
Some experts were disturbed by the news, citing concerns about the security of systems and services at Microsoft, one of the world’s major software companies that supplies digital services and infrastructure to the United States government.
Analysts have raised concerns about national security dangers. Microsoft has stated that the intrusions were carried out by a Russian state-sponsored outfit known as Midnight Blizzard, or Nobelium.
The Russian embassy in Washington did not immediately react to a request for comment on Microsoft’s statement or on Microsoft’s earlier statements regarding Midnight Blizzard activity.
Microsoft reported the incident in January, stating that hackers attempted to break into business email accounts, including those of senior company executives, as well as cybersecurity, legal, and other services.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” the software company wrote in a recent blog post.
Microsoft’s enormous client network makes it unsurprising that it is being attacked, according to Jerome Segura, lead threat researcher at Malwarebytes’ Threatdown Labs. He said that it was concerning that the attack was still ongoing, despite Microsoft’s efforts to prevent access.
“That one of the largest software vendors is itself kind of learning things as they go is a little bit scary,” he said. “You don’t have the reassurance that, if you’re a customer, there isn’t something bigger going on.”
The attacks also demonstrate how aggressive the hackers are, he said.
Microsoft stated that the hackers stole access to source code repositories and internal systems. The corporation owns GitHub, a public repository for software code.
“This is the kind of thing that we’re really worried about,” Segura said in an interview. “The attacker would want to use Microsoft’s secrets to get into production environments and then compromise software and put backdoors and things like that.”
Previously, Microsoft stated that the hackers broke into staff emails by exploiting a dormant account in a “password spray” assault, which involves using the same password on many accounts until they break into one. According to Microsoft’s blog, such attacks have escalated by up to tenfold in Midnight Blizzard’s most recent attempts since the January breach.
According to numerous analysts who follow the group, Midnight Blizzard targets governments, diplomatic agencies, and non-governmental organizations. In a January statement, Microsoft claimed Midnight Blizzard was most likely targeting it since the corporation had conducted an extensive study into the hacker group’s operations.
Microsoft’s threat intelligence team has been researching and sharing information on Nobelium since at least 2021, when the group was discovered to be responsible for the SolarWinds assault that compromised a number of US federal institutions.
The frequent attempts to hack Microsoft indicate a “sustained, significant commitment of the threat actor’s resources, coordination, and focus,” the company stated on Friday.
“It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found,” according to the statement.
“Some of these secrets were shared between customers and Microsoft in email, and as we discovered them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”
Microsoft did not name the affected consumers.
Also read: Women in the technology industry is constantly increasing, says Rajita Bhatnagar
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.
