Earlier this year, tech titan Microsoft disclosed that it was facing cyberattacks from the Russian-linked hacker group Midnight Blizzard. Now, in a new blog post, the company has revealed a renewed attempt by the same suspected Russian hacking group, Midnight Blizzard (also known as Nobelium, Cozy Bear and APT29), to infiltrate its systems. This ongoing attack follows a previous incident in January 2024, when the group gained access to sensitive corporate emails, including those of senior management.
This is not the first time Russia has been accused of cyberattacks; several similar accusations have been made in connection with cyberattacks against Western countries and companies during Russia’s war against Ukraine.
Microsoft revealed on Friday that Midnight Blizzard had expanded its targets to the company’s source code repositories and internal systems. Midnight Blizzard is now exploiting the stolen email data to launch further attacks, attempting to gain unauthorized access to Microsoft’s internal systems and, more critically, its source code repositories. Microsoft has not (yet) confirmed any source code theft. “In recent weeks, we have seen evidence that Midnight Blizzard is using information originally extracted from our corporate email systems to gain or attempt to gain unauthorized access. This includes access to some of the company’s source code repositories and internal systems. To date, we have found no evidence that customer systems hosted by Microsoft have been compromised,” Microsoft said in its blog post.
Speaking more about the group, Midnight Blizzard, also known as Nobelium, Cozy Bear and APT29, is a suspected Russian hacking group believed to be linked to the Foreign Intelligence Service (SVR), and it has a history of high-profile attacks. It was implicated in the 2016 Democratic National Committee breach and the 2020 SolarWinds hack, which compromised several US government agencies.
The hacker group has reportedly become more aggressive in its approach. Its reliance on “password spraying” (a brute-force technique that tries multiple passwords across many different accounts) increased tenfold compared to the January attack. In addition, the group exploits stolen secrets, potentially including login credentials shared by Microsoft and its users, to gain unauthorized access. Despite the renewed attack, Microsoft assures that there is no evidence to suggest that its user systems have been compromised. For its part, the company has taken steps to strengthen its security posture, implementing improved controls, detection and monitoring measures. It is actively investigating the ongoing campaign and promises to share its findings as the situation develops.
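The spraying pattern described above is what sign-in monitoring has to pick out: one source failing a few times against many accounts, which per-account lockout thresholds never trip. The following detector is an added example, not Microsoft's code or data; the log format, source addresses, account names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not from Microsoft's report): timestamp result user source_ip
SAMPLE_LOG = """\
2024-03-08T10:00:01Z FAIL alice 203.0.113.7
2024-03-08T10:00:04Z FAIL bob 203.0.113.7
2024-03-08T10:00:09Z FAIL carol 203.0.113.7
2024-03-08T10:00:15Z FAIL dave 203.0.113.7
2024-03-08T10:00:21Z FAIL erin 203.0.113.7
2024-03-08T10:01:00Z FAIL grace 198.51.100.9
2024-03-08T10:01:03Z FAIL grace 198.51.100.9
2024-03-08T10:01:06Z FAIL grace 198.51.100.9
2024-03-08T10:01:09Z FAIL grace 198.51.100.9
2024-03-08T10:02:00Z FAIL heidi 192.0.2.44
2024-03-08T10:02:30Z OK heidi 192.0.2.44
"""

def parse_log(text):
    """Yield (timestamp, result, user, ip) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        ts, result, user, ip = line.split()
        yield datetime.fromisoformat(ts.replace("Z", "+00:00")), result, user, ip

def detect_password_spray(text, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Return {ip: {...}} for sources whose failed sign-ins within `window` touch at least
    `min_accounts` distinct accounts with no more than `max_per_account` tries each.
    A source hammering one account with many passwords (classic brute force) exceeds the
    per-account ceiling and is left to lockout policy instead; a user mistyping once is ignored."""
    failures = defaultdict(list)
    for ts, result, user, ip in sorted(parse_log(text)):
        if result == "FAIL":
            failures[ip].append((ts, user))
    alerts = {}
    for ip, events in failures.items():
        start, best = 0, None
        for end in range(len(events)):  # sliding time window over this source's failures
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = Counter(u for _, u in events[start:end + 1])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                if best is None or len(per_user) > best["accounts"]:
                    best = {"accounts": len(per_user), "max_per_account": max(per_user.values())}
        if best:
            alerts[ip] = best
    return alerts

if __name__ == "__main__":
    print(detect_password_spray(SAMPLE_LOG))  # {'203.0.113.7': {'accounts': 5, 'max_per_account': 1}}
```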