Microsoft says Russian hackers breached its systems, accessed source code
BleepingComputer
|
Summary
In March 2024, Microsoft announced a security breach by the Russian hacking group Midnight Blizzard (aka NOBELIUM), which managed to access internal systems and source code repositories utilizing authentication secrets previously stolen during a January cyberattack. This cyberattack involved a sophisticated strategy where the attackers infiltrated Microsoft's email servers through a password spray attack, targeting a non-production test tenant account lacking multi-factor authentication. This lapse in security enabled the threat actors to access corporate emails, including those of Microsoft's leadership, cybersecurity, and legal departments. The hackers exploited the stolen information to further penetrate Microsoft's systems, including source code repositories. Despite these breaches, Microsoft has found no evidence of compromise to customer-facing systems. The company has increased security measures and is coordinating with federal law enforcement and affected customers to mitigate the risks posed by the ongoing activities of Midnight Blizzard. This group, linked to Russia's SVR, is known for its involvement in significant cyberespionage activities, including the 2020 SolarWinds attack and other operations targeting NATO and EU countries.
