Microsoft has given an update on the continuous cyber attack launched by suspected Russian state-backed hackers against the company.
The group known as Midnight Blizzard has targeted Microsoft’s internal systems by utilizing information obtained during a previous attack, as revealed by the tech giant in an official blog post.
Microsoft has shared the latest developments with the US Securities and Exchange Commission through a recent filing published on Friday.
Recent findings indicate that Midnight Blizzard has been leveraging data extracted from Microsoft’s corporate email systems to gain unauthorized access to the company’s source code repositories and internal systems. Notably, there is no evidence yet of compromise to Microsoft’s customer-facing systems.
What was the initial cyber attack by Midnight Blizzard on Microsoft?
During a reconnaissance mission, Midnight Blizzard, also known as Nobelium, gained entry to a legacy system account through a password-spraying attack.
The malicious activity was detected on January 12th, but it is believed to have started in late November 2024, requiring the tech giant to address the significant breach after its discovery.
Now facing further intrusions, Microsoft noted an increase in the volume of attacks with hackers attempting to exploit various discovered secrets. The company reported a nearly tenfold increase in password sprays in February, surpassing the heightened activity seen in January.
The ongoing cyber attack by Midnight Blizzard is described as a sophisticated, well-organized effort that continues unabated, with the threat actors dedicating significant resources, coordination, and focus to their malicious activities. These actions indicate a growing global threat landscape, particularly in terms of advanced nation-state attacks.
Microsoft remains dedicated to investigating Midnight Blizzard’s activities, with the hacker group suspected to be operating under the direction of Russia’s Foreign Intelligence Service, SVR.
Featured image: Pexels
